EDB-52336
remotemultiple
FortiOS SSL-VPN 7.4.4 - Insufficient Session Expiration & Cookie Reuse
CVE-2024-50562
Shahid Hakim6/20/2025
CVE-2024-50562
4.8MEDIUMAn Insufficient Session Expiration vulnerability [CWE-613] in FortiOS SSL-VPN version 7.6.0, version 7.4.6 and below, version 7.2.10 and below, 7.0 all versions, 6.4 all versions may allow an attacker
Publicado: 6/10/2025Actualizado: 7/25/2025
Descripción
An Insufficient Session Expiration vulnerability [CWE-613] in FortiOS SSL-VPN version 7.6.0, version 7.4.6 and below, version 7.2.10 and below, 7.0 all versions, 6.4 all versions may allow an attacker in possession of a cookie used to log in the SSL-VPN portal to log in again, although the session has expired or was logged out.
Análisis IAImpulsado por IA
Productos Afectados
fortinetfortisase
24.4.60
fortinetfortios
fortinetfortios
fortinetfortios
7.6.0
Exploits Disponibles (1)
Referencias
- https://fortiguard.fortinet.com/psirt/FG-IR-24-339Vendor Advisory