VYPR
Medium severity4.8NVD Advisory· Published Jun 10, 2025· Updated Jun 9, 2026

CVE-2024-50562

CVE-2024-50562

Description

An Insufficient Session Expiration vulnerability [CWE-613] in FortiOS SSL-VPN version 7.6.0, version 7.4.6 and below, version 7.2.10 and below, 7.0 all versions, 6.4 all versions may allow an attacker in possession of a cookie used to log in the SSL-VPN portal to log in again, although the session has expired or was logged out.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

6
  • cpe:2.3:a:fortinet:fortisase:24.4.60:*:*:*:-:*:*:*
  • Fortinet/Fortios2 versions
    cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*range: >=6.4.0,<7.2.11
    • cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortipam:1.4.1:*:*:*:*:*:*:*
    Range: 1.4.0
  • Range: 7.6.0, 7.4.6 and below, 7.2.10 and below, 7.0 all versions, 6.4 all versions
  • Range: 7.6.0

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.