VYPR
Unrated severityNVD Advisory· Published Aug 13, 2024· Updated Aug 13, 2024

CVE-2022-45862

CVE-2022-45862

Description

An insufficient session expiration vulnerability [CWE-613] vulnerability in FortiOS 7.2.5 and below, 7.0 all versions, 6.4 all versions; FortiProxy 7.2 all versions, 7.0 all versions; FortiPAM 1.3 all versions, 1.2 all versions, 1.1 all versions, 1.0 all versions; FortiSwitchManager 7.2.1 and below, 7.0 all versions GUI may allow attackers to re-use websessions after GUI logout, should they manage to acquire the required credentials.

Affected products

8
  • Fortinet/Fortiswitchmanagerllm-fuzzy2 versions
    <=7.2.1, 7.0 all+ 1 more
    • (no CPE)range: <=7.2.1, 7.0 all
    • (no CPE)range: 7.2.0
  • Fortinet/Fortiproxyllm-fuzzy2 versions
    7.2 all, 7.0 all+ 1 more
    • (no CPE)range: 7.2 all, 7.0 all
    • (no CPE)range: 7.2.0
  • Fortinet/Fortipamllm-fuzzy2 versions
    1.3 all, 1.2 all, 1.1 all, 1.0 all+ 1 more
    • (no CPE)range: 1.3 all, 1.2 all, 1.1 all, 1.0 all
    • (no CPE)range: 1.3.0
  • Fortinet/Fortiosllm-fuzzy2 versions
    <=7.2.5, 7.0 all, 6.4 all+ 1 more
    • (no CPE)range: <=7.2.5, 7.0 all, 6.4 all
    • (no CPE)range: 7.2.0

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.