Main Vulnerability Database Exploits ID:11264 - Exploit for Insufficient Session Expiration in FortiClientEMS - CVE-2021-24019

ID:11264 - Exploit for Insufficient Session Expiration in FortiClientEMS - CVE-2021-24019

Published: March 31, 2025

Vulnerability identifier: #VU57075

Vulnerability risk: High

CVE-ID: CVE-2021-24019

CWE-ID: CWE-613

Exploitation vector: Remote access

Vulnerable software:
FortiClientEMS

Link to public exploit:

https://github.com/cnetsec/CVE-2021-24019

Vulnerability description

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to insufficient session expiration issue. A remote non-authenticated attacker can reuse the unexpired admin user session IDs to gain admin privileges.

Remediation

Install updates from vendor's website.

ID:11264 - Exploit for Insufficient Session Expiration in FortiClientEMS - CVE-2021-24019

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human