Main Vulnerability Database Vulnerabilities #VU112471

#VU112471 Insufficient Session Expiration in FortiIsolator and FortiSandbox - CVE-2024-27779

Published: July 8, 2025

Vulnerability identifier: #VU112471

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2024-27779

CWE-ID: CWE-613

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
FortiIsolator
FortiSandbox

Software vendor:
Fortinet, Inc

Description

The vulnerability allows a remote privileged user to compromise the affected system.

The vulnerability exists due to insufficient session expiration. A remote attacker in possession of an admin session cookie can keep using that admin's session even after the admin user was deleted.

Remediation

Install update from vendor's website.

External links

https://www.fortiguard.com/psirt/FG-IR-24-035

#VU112471 Insufficient Session Expiration in FortiIsolator and FortiSandbox - CVE-2024-27779

Description

Remediation

External links

Please verify you're human