CVE-2022-45862
Aug. 13, 2024, 5:11 p.m.
Tags
CVSS Score
Product(s) Impacted
FortiOS
- 7.2.5 and below
- 7.0 all versions
- 6.4 all versions
FortiProxy
- 7.2 all versions
- 7.0 all versions
FortiPAM
- 1.3 all versions
- 1.2 all versions
- 1.1 all versions
- 1.0 all versions
FortiSwitchManager
- 7.2.1 and below
- 7.0 all versions
Description
An insufficient session expiration vulnerability [CWE-613] vulnerability in FortiOS 7.2.5 and below, 7.0 all versions, 6.4 all versions; FortiProxy 7.2 all versions, 7.0 all versions; FortiPAM 1.3 all versions, 1.2 all versions, 1.1 all versions, 1.0 all versions; FortiSwitchManager 7.2.1 and below, 7.0 all versions GUI may allow attackers to re-use websessions after GUI logout, should they manage to acquire the required credentials.
Weaknesses
CWE-613
Insufficient Session Expiration
According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization."
CWE ID: 613Date
Published: Aug. 13, 2024, 4:15 p.m.
Last Modified: Aug. 13, 2024, 5:11 p.m.
Status : Undergoing Analysis
CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.
More infoSource
psirt@fortinet.com
CVSS Data
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
Base Score
Exploitability Score
Impact Score
Base Severity
LOWCVSS Vector String
The CVSS vector string provides an in-depth view of the vulnerability metrics.
View Vector StringCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N