CVE-2024-27779

N/A

An insufficient session expiration vulnerability [CWE-613] in FortiSandbox FortiSandbox version 4.4.4 and below, version 4.2.6 and below, 4.0 all versions, 3.2 all versions and FortiIsolator version 2.4 and below, 2.3 all versions, 2.2 all versions, 2.1 all versions, 2.0 all versions, 1.2 all versions may allow a remote attacker in possession of an admin session cookie to keep using that admin's session even after the admin user was deleted.

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L

不充分的会话过期机制

Fortinet FortiSandbox和Fortinet FortiIsolator 代码问题漏洞

Fortinet FortiSandbox和Fortinet FortiIsolator都是美国飞塔（Fortinet）公司的产品。Fortinet FortiSandbox是一款APT（高级持续性威胁）防护设备。该设备提供双重沙盒技术、动态威胁智能系统、实时控制面板和报告等功能。Fortinet FortiIsolator是一个为浏览器提供远程安全隔离功能的应用。该应用为Fortinet Security Fabric添加了额外的高级威胁防护功能，并保护关键业务数据免受网络上复杂威胁的侵害。来自Web的

N/A

N/A