Insufficient Session Expiration in FortiAIOps by Fortinet
CVE-2024-27782

9.8CRITICAL

Key Information:

Vendor: Fortinet
Status: Fortiaiops
Vendor: CVE Published:; 9 July 2024

Summary

The insufficient session expiration vulnerabilities present in FortiAIOps version 2.0.0 expose users to significant security risks. Attackers may exploit these vulnerabilities by reusing compromised session tokens to execute unauthorized operations through specially crafted requests. This can lead to a wide range of adverse impacts on sensitive data and operational integrity. It is crucial for organizations utilizing FortiAIOps to apply necessary updates and implement safeguards to mitigate these vulnerabilities effectively.

References

https://fortiguard.fortinet.com/psirt/FG-IR-24-069

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 9, 2024