An improper access control vulnerability [CWE-284] in FortiManager versions 6.4.4 and 6.4.5 may allow an authenticated attacker with a restricted user profile to modify the VPN tunnel status of other VDOMs using VPN Manager.

Related CVEs

CVE-2021-26107

Key Information

GHSA ID

GHSA-w484-2gxp-43x9

Published

May 24, 2022 7:19 PM

Last Modified

June 29, 2022 12:00 AM

CVSS Score

5.0 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: August 11, 2025 6:32 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.