EDB-52336
remotemultiple
FortiOS SSL-VPN 7.4.4 - Insufficient Session Expiration & Cookie Reuse
CVE-2024-50562
Shahid Hakim6/20/2025
CVE-2024-50562
4.8MEDIUMAn Insufficient Session Expiration vulnerability [CWE-613] in FortiOS SSL-VPN version 7.6.0, version 7.4.6 and below, version 7.2.10 and below, 7.0 all versions, 6.4 all versions may allow an attacker
Publicado: 6/10/2025Atualizado: 7/25/2025
Descrição
An Insufficient Session Expiration vulnerability [CWE-613] in FortiOS SSL-VPN version 7.6.0, version 7.4.6 and below, version 7.2.10 and below, 7.0 all versions, 6.4 all versions may allow an attacker in possession of a cookie used to log in the SSL-VPN portal to log in again, although the session has expired or was logged out.
Análise IADesenvolvido por IA
Produtos Afetados
fortinetfortisase
24.4.60
fortinetfortios
fortinetfortios
fortinetfortios
7.6.0
Exploits Disponíveis (1)
Referências
- https://fortiguard.fortinet.com/psirt/FG-IR-24-339Vendor Advisory