← back
CVE-2020-6649

CVE-2020-6649

EPSS 1.5%
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS EPSS 1.5%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
08 Feb 2021Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
An insufficient session expiration vulnerability in FortiNet's FortiIsolator version 2.0.1 and below may allow an attacker to reuse the unexpired admin user session IDs to gain admin privileges, should the attacker be able to obtain that session ID (via other, hypothetical attacks)
Affected products
Fortinet · Fortinet FortiIsolator

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://fortiguard.com/advisory/FG-IR-20-011