Improper Inter ADOM access control Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-21-043 Final 1 1 2021-11-02T00:00:00 Current version 2021-11-02T00:00:00 2021-11-02T00:00:00 An improper access control vulnerability [CWE-284] in FortiManager may allow an authenticated attacker with a restricted user profile to modify the VPN tunnel status of other VDOMs using VPN Manager. None Improper access control FortiManager version 6.4.4 and 6.4.5 .Please note that FortiManager version 6.4.3 and below are NOT impacted by this issue. Please upgrade to FortiManager version 6.4.6 or above.Please upgrade to FortiManager version 7.0.0 or above. CVE-2021-26107 6.2 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:H/RL:W/RC:C https://fortiguard.fortinet.com/psirt/FG-IR-21-043 Improper Inter ADOM access control Reference>