An insufficient session expiration vulnerability [CWE-613] in FortiSandbox version 4.4.4 and below, version 4.2.6 and below, 4.0 all versions, 3.2 all versions and FortiIsolator version 2.4 and below, 2.3 all versions, 2.2 all versions, 2.1 all versions, 2.0 all versions, 1.2 all versions may allow a remote attacker in possession of an admin session cookie to keep using that admin's session even after the admin user was deleted.
                
References
| Link | Resource |
|---|---|
| https://fortiguard.fortinet.com/psirt/FG-IR-24-035 | Vendor Advisory |
History
22 Jul 2025, 17:07
| Type | Values Removed | Values Added | 
|---|---|---|
| CPE | cpe:2.3:a:fortinet:fortiisolator:*:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:* | |
| First Time | Fortinet fortiisolator Fortinet fortisandbox Fortinet | |
| References | () https://fortiguard.fortinet.com/psirt/FG-IR-24-035 - Vendor Advisory | 
22 Jul 2025, 13:06
| Type | Values Removed | Values Added | 
|---|---|---|
| Summary | | |
18 Jul 2025, 08:15
| Type | Values Removed | Values Added | 
|---|---|---|
| New CVE | 
Information
Published : 2025-07-18 08:15
Updated : 2025-07-22 17:07
NVD link : CVE-2024-27779
Mitre link : CVE-2024-27779
CVE.ORG link : CVE-2024-27779
Products Affected
fortinet
- fortisandbox
- fortiisolator
CWE
CWE-613
Insufficient Session Expiration
