#VU112471 Insufficient Session Expiration in FortiIsolator and FortiSandbox - CVE-2024-27779
Vulnerability identifier: #VU112471
Vulnerability risk: Low
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-613
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
FortiIsolator
Server applications /
IDS/IPS systems, Firewalls and proxy servers
FortiSandbox
Server applications /
DLP, anti-spam, sniffers
Vendor: Fortinet, Inc
Description
The vulnerability allows a remote privileged user to compromise the affected system.
The vulnerability exists due to insufficient session expiration. A remote attacker in possession of an admin session cookie can keep using that admin's session even after the admin user was deleted.
Mitigation
Install update from vendor's website.
Vulnerable software versions
FortiIsolator: 1.2.0, 1.2.1, 1.2.2, 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.1.2, 2.2.0, 2.3.0, 2.3.1, 2.3.2, 2.3.3, 2.3.4, 2.4.0, 2.4.1, 2.4.2, 2.4.3, 2.4.4
FortiSandbox: 3.2.0, 3.2.1, 3.2.2, 3.2.3, 3.2.4, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.5, 4.0.6, 4.2.0, 4.2.1, 4.2.2, 4.2.3, 4.2.4, 4.2.5, 4.2.6, 4.4.0, 4.4.1, 4.4.2, 4.4.3, 4.4.4
External links
https://www.fortiguard.com/psirt/FG-IR-24-035
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
