An Insufficient Session Expiration vulnerability [CWE-613] in FortiOS SSL-VPN version 7.6.0, version 7.4.6 and below, version 7.2.10 and below, 7.0 all versions, 6.4 all versions may allow an attacker in possession of a cookie used to log in to the SSL-VPN portal to log in again, even though the session has expired or was logged out.
2025-06-10T17:19:25.360
2025-07-25T15:25:23.913
Analyzed
CVSSv3.1: 4.8 (MEDIUM)
Type | Vendor | Product | Version/Range | Vulnerable? |
---|---|---|---|---|
Application | fortinet | fortisase | 24.4.60 | Yes |
Operating System | fortinet | fortios | < 7.2.11 | Yes |
Operating System | fortinet | fortios | < 7.4.8 | Yes |
Operating System | fortinet | fortios | 7.6.0 | Yes |