CVE-2024-27779

CVE Database · CVE-2024-27779

CVE-2024-27779

· MEDIUMAnalyzed

CVSS v3.1

6.7

EPSS

0.47%

Published

Jul 18, 2025

Modified

Jul 22, 2025

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

An insufficient session expiration vulnerability [CWE-613] in FortiSandbox FortiSandbox version 4.4.4 and below, version 4.2.6 and below, 4.0 all versions, 3.2 all versions and FortiIsolator version 2.4 and below, 2.3 all versions, 2.2 all versions, 2.1 all versions, 2.0 all versions, 1.2 all versions may allow a remote attacker in possession of an admin session cookie to keep using that admin's session even after the admin user was deleted.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L

Weaknesses (CWE)

CWE-613

Affected Products (3)

fortinet · fortiisolator (up to 2.4.5)vulnerable

fortinet · fortisandbox (up to 4.2.7)vulnerable

fortinet · fortisandbox (up to 4.4.5)vulnerable

References (1)

https://fortiguard.fortinet.com/psirt/FG-IR-24-035

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs