4.8

CVE-2024-50562

Medienbericht
An Insufficient Session Expiration vulnerability [CWE-613] in FortiOS SSL-VPN version 7.6.0, version 7.4.6 and below, version 7.2.10 and below, 7.0 all versions, 6.4 all versions may allow an attacker in possession of a cookie used to log in the SSL-VPN portal to log in again, although the session has expired or was logged out.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
FortinetFortisase Version24.4.60 SwEdition-
FortinetFortiOS Version >= 6.4.0 < 7.2.11
FortinetFortiOS Version >= 7.4.0 < 7.4.8
FortinetFortiOS Version7.6.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.08% 0.606
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
psirt@fortinet.com 4.8 2.2 2.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
CWE-613 Insufficient Session Expiration

According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization."

Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
09.08.2025 11:36
https://fortiguard.fortinet.com/psirt/FG-IR-24-339
Vendor Advisory
https://cert-portal.siemens.com/productcert/html/ssa-864900.html