← voltar
CVE-2024-27779

CVE-2024-27779

CVSS 6.3 MEDIUMEPSS 0.5%CWE-613
Vexday Risk Score
13Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 6.3EPSS 0.5%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
18 jul 2025Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
An insufficient session expiration vulnerability [CWE-613] in FortiSandbox FortiSandbox version 4.4.4 and below, version 4.2.6 and below, 4.0 all versions, 3.2 all versions and FortiIsolator version 2.4 and below, 2.3 all versions, 2.2 all versions, 2.1 all versions, 2.0 all versions, 1.2 all versions may allow a remote attacker in possession of an admin session cookie to keep using that admin's session even after the admin user was deleted.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L/E:P/RL:X/RC:C
Produtos afetados
Fortinet · FortiIsolatorFortinet · FortiSandbox

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://fortiguard.fortinet.com/psirt/FG-IR-24-035