CVE-2021-24019

An insufficient session expiration vulnerability [CWE- 613] in FortiClientEMS versions 6.4.2 and below, 6.2.8 and below may allow an attacker to reuse the unexpired admin user session IDs to gain admin privileges, should the attacker be able to obtain that session ID (via other, hypothetical attacks)
References
Link Resource
https://fortiguard.com/advisory/FG-IR-20-072 Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:fortinet:forticlient_endpoint_management_server:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:forticlient_endpoint_management_server:*:*:*:*:*:*:*:*

History

14 Oct 2021, 14:39

Type Values Removed Values Added
CPE cpe:2.3:a:fortinet:forticlient_endpoint_management_server:*:*:*:*:*:*:*:*
References (CONFIRM) https://fortiguard.com/advisory/FG-IR-20-072 - (CONFIRM) https://fortiguard.com/advisory/FG-IR-20-072 - Vendor Advisory
CVSS v2 : unknown
v3 : unknown
v2 : 7.5
v3 : 9.8
CWE CWE-613

06 Oct 2021, 10:15

Type Values Removed Values Added
New CVE

Information

Published : 2021-10-06 10:15

Updated : 2024-02-04 22:08


NVD link : CVE-2021-24019

Mitre link : CVE-2021-24019

CVE.ORG link : CVE-2021-24019


JSON object : View

Products Affected

fortinet

  • forticlient_endpoint_management_server
CWE
CWE-613

Insufficient Session Expiration