An improper access control vulnerability [CWE-284] in FortiManager may allow an authenticated attacker with a restricted user profile to modify the VPN tunnel status of other VDOMs using VPN Manager.
FortiManager version 6.4.4 and 6.4.5 .
Please note that FortiManager version 6.4.3 and below are NOT impacted by this issue.
Please upgrade to FortiManager version 6.4.6 or above.
Please upgrade to FortiManager version 7.0.0 or above.