EDB-52336
remotemultiple
FortiOS SSL-VPN 7.4.4 - Insufficient Session Expiration & Cookie Reuse
CVE-2024-50562
Shahid Hakim6/20/2025
CVE-2024-50562
4.8MEDIUMAn Insufficient Session Expiration vulnerability [CWE-613] in FortiOS SSL-VPN version 7.6.0, version 7.4.6 and below, version 7.2.10 and below, 7.0 all versions, 6.4 all versions may allow an attacker
게시됨: 6/10/2025업데이트됨: 7/25/2025
설명
An Insufficient Session Expiration vulnerability [CWE-613] in FortiOS SSL-VPN version 7.6.0, version 7.4.6 and below, version 7.2.10 and below, 7.0 all versions, 6.4 all versions may allow an attacker in possession of a cookie used to log in the SSL-VPN portal to log in again, although the session has expired or was logged out.
AI 분석AI 기반
영향받는 제품
fortinetfortisase
24.4.60
fortinetfortios
fortinetfortios
fortinetfortios
7.6.0
사용 가능한 익스플로잇 (1)
참조
- https://fortiguard.fortinet.com/psirt/FG-IR-24-339Vendor Advisory