PT-2025-24709 · Fortinet · Fortios Ssl-Vpn+1
Published
2025-06-10
·
Updated
2025-06-10
·
CVE-2024-50562
CVSS v3.1
4.8
Medium
| Vector | AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
FortiOS SSL-VPN versions 7.6.0, 7.4.6 and below, 7.2.10 and below, 7.0 all versions, 6.4 all versions
Description
The issue is related to an Insufficient Session Expiration, which may allow an attacker with a cookie used to log in to the SSL-VPN portal to log in again, even if the session has expired or was logged out.
Recommendations
For FortiOS SSL-VPN version 7.6.0, update to a version that includes a fix for this issue.
For FortiOS SSL-VPN version 7.4.6 and below, update to a version that includes a fix for this issue.
For FortiOS SSL-VPN version 7.2.10 and below, update to a version that includes a fix for this issue.
For FortiOS SSL-VPN version 7.0 all versions, update to a version that includes a fix for this issue.
For FortiOS SSL-VPN version 6.4 all versions, update to a version that includes a fix for this issue.
Exploit
Fix
Insufficient Session Expiration
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Fortios Ssl-Vpn
Fortios