Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An Insufficient Session Expiration vulnerability [CWE-613] in FortiOS SSL VPN 7.6.0 through 7.6.2, 7.4.0 through 7.4.6, 7.2.0 through 7.2.10, 7.0.0 through 7.0.16, 6.4 all versions may allow a remote attacker (e.g. a former admin whose account was removed and whose session was terminated) in possession of the SAML record of a user session to access or re-open that session via re-use of SAML record.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Vulnerability Type
不充分的会话过期机制
Vulnerability Title
Fortinet FortiOS SSL-VPN 代码问题漏洞
Vulnerability Description
Fortinet FortiOS SSL-VPN是美国飞塔(Fortinet)公司的一款VPN软件。 Fortinet FortiOS SSL-VPN存在代码问题漏洞,该漏洞源于会话过期不足,可能导致远程攻击者通过重用SAML记录重新打开会话。以下版本受到影响:7.6.0版本至7.6.2版本、7.4.0版本至7.4.6版本、7.2.0版本至7.2.10版本、7.0.0版本至7.0.16版本和6.4所有版本。
CVSS Information
N/A
Vulnerability Type
N/A