EDB-52336
remotemultiple
FortiOS SSL-VPN 7.4.4 - Insufficient Session Expiration & Cookie Reuse
CVE-2024-50562
Shahid Hakim6/20/2025
CVE-2024-50562
4.8MEDIUMAn Insufficient Session Expiration vulnerability [CWE-613] in FortiOS SSL-VPN version 7.6.0, version 7.4.6 and below, version 7.2.10 and below, 7.0 all versions, 6.4 all versions may allow an attacker
Published: 6/10/2025Updated: 7/25/2025
Description
An Insufficient Session Expiration vulnerability [CWE-613] in FortiOS SSL-VPN version 7.6.0, version 7.4.6 and below, version 7.2.10 and below, 7.0 all versions, 6.4 all versions may allow an attacker in possession of a cookie used to log in the SSL-VPN portal to log in again, although the session has expired or was logged out.
AI AnalysisPowered by AI
Affected Products
fortinetfortisase
24.4.60
fortinetfortios
fortinetfortios
fortinetfortios
7.6.0
Available Exploits (1)
References
- https://fortiguard.fortinet.com/psirt/FG-IR-24-339Vendor Advisory