CVE-2020-6649

9.8CRITICAL

Key Information:

Vendor: Fortinet
Status: Fortinet Fortiisolator
Vendor: CVE Published:; 8 February 2021

Summary

An insufficient session expiration vulnerability in FortiNet's FortiIsolator version 2.0.1 and below may allow an attacker to reuse the unexpired admin user session IDs to gain admin privileges, should the attacker be able to obtain that session ID (via other, hypothetical attacks)

Affected Version(s)

Fortinet FortiIsolator FortiIsolator 2.0.1

References

https://fortiguard.com/advisory/FG-IR-20-011

x_refsource_CONFIRM

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 8, 2021
Vulnerability Reserved
Jan 9, 2020