CVE-2021-26107: Improper Inter ADOM access control
First published: Tue Nov 02 2021(Updated: )
An improper access control vulnerability [CWE-284] in FortiManager may allow an authenticated attacker with a restricted user profile to modify the VPN tunnel status of other VDOMs using VPN Manager.
Credit: psirt@fortinet.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Fortinet FortiManager | =6.4.4 | |
| Fortinet FortiManager | =6.4.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this FortiManager vulnerability?
The vulnerability ID for this FortiManager vulnerability is CVE-2021-26107.
What is the description of CVE-2021-26107?
CVE-2021-26107 is an improper access control vulnerability in FortiManager versions 6.4.4 and 6.4.5 that may allow an authenticated attacker to modify the VPN tunnel status of other VDOMs using VPN Manager.
Which versions of FortiManager are affected by CVE-2021-26107?
CVE-2021-26107 affects FortiManager versions 6.4.4 and 6.4.5.
What is the severity of CVE-2021-26107?
The severity of CVE-2021-26107 is medium with a CVSS score of 4.3.
How can I fix CVE-2021-26107?
To fix CVE-2021-26107, users should update their FortiManager software to a version that is not affected by the vulnerability.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/author
- collector/fortiguard-psirt-latest
- source/FortiGuard
- alias/CVE-2021-26107
- collector/fortiguard-psirt
- agent/references
- agent/severity
- agent/title
- agent/first-publish-date
- agent/tags
- agent/description
- agent/event
- vendor/fortinet
- canonical/fortinet fortimanager
- version/fortinet fortimanager/6.4.4
- version/fortinet fortimanager/6.4.5