CVE-2024-50562 | THREATINT

Description

An Insufficient Session Expiration vulnerability [CWE-613] in FortiOS SSL-VPN version 7.6.0, version 7.4.6 and below, version 7.2.10 and below, 7.0 all versions, 6.4 all versions may allow an attacker in possession of a cookie used to log in the SSL-VPN portal to log in again, although the session has expired or was logged out.

PUBLISHED Reserved 2024-10-24 | Published 2025-06-10 | Updated 2025-06-10 | Assigner fortinet

MEDIUM: 4.4CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:P/RL:X/RC:R

Problem types

Improper access control

Product status

Default status

unaffected

7.6.0

affected

7.4.6

affected

7.4.0 (semver)

affected

7.2.0 (semver)

affected

7.0.0 (semver)

affected

6.4.0 (semver)

affected

Default status

unaffected

1.4.0 (semver)

affected

1.3.0

affected

1.2.0

affected

1.1.0 (semver)

affected

1.0.0 (semver)

affected

Default status

unaffected

7.6.0

affected

7.4.0 (semver)

affected

7.2.0 (semver)

affected

7.0.0 (semver)

affected

2.0.0 (semver)

affected

References

fortiguard.fortinet.com/psirt/FG-IR-24-339

cve.org (CVE-2024-50562)

nvd.nist.gov (CVE-2024-50562)

Download JSON