An insufficient session expiration vulnerability [CWE-613] vulnerability in FortiOS 7.2.5 and below, 7.0 all versions, 6.4 all versions; FortiProxy 7.2 all versions, 7.0 all versions; FortiPAM 1.3 all versions, 1.2 all versions, 1.1 all versions, 1.0 all versions; FortiSwitchManager 7.2.1 and below, 7.0 all versions GUI may allow attackers to re-use websessions after GUI logout, should they manage to acquire the required credentials.
2024-08-13T16:15:07.977
2024-08-22T14:32:16.823
Analyzed
CVSSv3.1: 3.7 (LOW)
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | fortinet | fortiproxy | < 7.4.0 | Yes |
| Application | fortinet | fortiswitchmanager | < 7.2.2 | Yes |
| Operating System | fortinet | fortios | < 7.2.6 | Yes |
| Operating System | fortinet | fortipam | < 1.4.0 | Yes |