Vulnerabilities > CVE-2022-45862 - Insufficient Session Expiration vulnerability in Fortinet products

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

fortinet

CWE-613

NVD

Published: 2024-08-13

Updated: 2024-08-22

Summary

An insufficient session expiration vulnerability [CWE-613] vulnerability in FortiOS 7.2.5 and below, 7.0 all versions, 6.4 all versions; FortiProxy 7.2 all versions, 7.0 all versions; FortiPAM 1.3 all versions, 1.2 all versions, 1.1 all versions, 1.0 all versions; FortiSwitchManager 7.2.1 and below, 7.0 all versions GUI may allow attackers to re-use websessions after GUI logout, should they manage to acquire the required credentials.

Vulnerable Configurations

Part	Description	Count
OS	Fortinet Fortinet Fortios 6.4.0 Fortinet Fortios 6.4.1 Fortinet Fortios 6.4.2 Fortinet Fortios 6.4.3 Fortinet Fortios 6.4.4 Fortinet Fortios 6.4.5 Fortinet Fortios 6.4.6 Fortinet Fortios 6.4.7 Fortinet Fortios 6.4.8 Fortinet Fortios 6.4.9 Fortinet Fortios 6.4.10 Fortinet Fortios 6.4.11 Fortinet Fortios 6.4.12 Fortinet Fortios 6.4.13 Fortinet Fortios 6.4.14 Fortinet Fortios 6.4.15 Fortinet Fortios 7.0.0 Fortinet Fortios 7.0.1 Fortinet Fortios 7.0.2 Fortinet Fortios 7.0.3 Fortinet Fortios 7.0.4 Fortinet Fortios 7.0.5 Fortinet Fortios 7.0.6 Fortinet Fortios 7.0.7 Fortinet Fortios 7.0.8 Fortinet Fortios 7.0.9 Fortinet Fortios 7.0.10 Fortinet Fortios 7.0.11 Fortinet Fortios 7.0.12 Fortinet Fortios 7.0.13 Fortinet Fortios 7.0.14 Fortinet Fortios 7.2.0 Fortinet Fortios 7.2.1 Fortinet Fortios 7.2.2 Fortinet Fortios 7.2.3 Fortinet Fortios 7.2.4 Fortinet Fortios 7.2.5 Fortinet Fortipam 1.0.0 Fortinet Fortipam 1.0.1 Fortinet Fortipam 1.0.2 Fortinet Fortipam 1.0.3 Fortinet Fortipam 1.1.0 Fortinet Fortipam 1.1.1	43
Application	Fortinet Fortinet Fortiswitchmanager 7.0.0 Fortinet Fortiswitchmanager 7.0.1 Fortinet Fortiswitchmanager 7.2.0 Fortinet Fortiswitchmanager 7.2.1 Fortinet Fortiproxy 7.0.0 Fortinet Fortiproxy 7.0.1 Fortinet Fortiproxy 7.0.2 Fortinet Fortiproxy 7.0.3 Fortinet Fortiproxy 7.0.4 Fortinet Fortiproxy 7.0.5 Fortinet Fortiproxy 7.0.6 Fortinet Fortiproxy 7.0.7 Fortinet Fortiproxy 7.0.8 Fortinet Fortiproxy 7.0.9 Fortinet Fortiproxy 7.0.10 Fortinet Fortiproxy 7.0.11 Fortinet Fortiproxy 7.0.14 Fortinet Fortiproxy 7.0.15 Fortinet Fortiproxy 7.2.0 Fortinet Fortiproxy 7.2.1 Fortinet Fortiproxy 7.2.2 Fortinet Fortiproxy 7.2.3 Fortinet Fortiproxy 7.2.4 Fortinet Fortiproxy 7.2.5 Fortinet Fortiproxy 7.2.8 Fortinet Fortiproxy 7.2.9	26

Common Weakness Enumeration (CWE)

CWE-613 - Insufficient Session Expiration

References

https://fortiguard.com/psirt/FG-IR-22-445