Описание
An insufficient session expiration vulnerability in FortiNet's FortiIsolator version 2.0.1 and below may allow an attacker to reuse the unexpired admin user session IDs to gain admin privileges, should the attacker be able to obtain that session ID (via other, hypothetical attacks)
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.0.1 (включая)
cpe:2.3:a:fortinet:fortiisolator:*:*:*:*:*:*:*:*
EPSS
Процентиль: 61%
0.00408
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-613
Связанные уязвимости
github
больше 3 лет назад
An insufficient session expiration vulnerability in FortiNet's FortiIsolator version 2.0.1 and below may allow an attacker to reuse the unexpired admin user session IDs to gain admin privileges, should the attacker be able to obtain that session ID (via other, hypothetical attacks)
EPSS
Процентиль: 61%
0.00408
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-613