An improper authentication vulnerability [CWE-287] in Fortinet FortiAnalyzer version 7.6.0 through 7.6.3 and before 7.4.6 allows an unauthenticated attacker to obtain information pertaining to the devices health and status, or cause a denial of service via crafted OFTP requests.
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.