CVE-2021-24006: [FortiManager] A restricted admin can access SD-WAN ORCHESTRATOR panel
First published: Tue Aug 03 2021(Updated: )
An improper access control vulnerability [CWE-284] in FortiManager may allow an authenticated attacker with a restricted user profile to access the SD-WAN Orchestrator panel via directly visiting its URL.
Credit: psirt@fortinet.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Fortinet FortiManager | >=6.4.0<6.4.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this FortiManager vulnerability?
The vulnerability ID for this FortiManager vulnerability is CVE-2021-24006.
Which versions of FortiManager are affected by this vulnerability?
FortiManager versions 6.4.0 to 6.4.3 are affected by this vulnerability.
What is the severity level of CVE-2021-24006?
The severity level of CVE-2021-24006 is high, with a CVSS score of 8.8.
What is the impact of this vulnerability?
This vulnerability allows an authenticated attacker with a restricted user profile to access the SD-WAN Orchestrator panel via directly visiting its URL.
Is there a fix available for this vulnerability?
Yes, a fix for this vulnerability is available in FortiManager version 6.4.4.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- agent/author
- collector/fortiguard-psirt-latest
- source/FortiGuard
- alias/CVE-2021-24006
- collector/fortiguard-psirt
- agent/title
- agent/references
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- vendor/fortinet
- canonical/fortinet fortimanager
- version/fortinet fortimanager/6.4.0