CVE-2024-27779

{"id": "CVE-2024-27779", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@fortinet.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.7, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.5, "exploitabilityScore": 1.2}]}, "published": "2025-07-18T08:15:25.850", "references": [{"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-035", "tags": ["Vendor Advisory"], "source": "psirt@fortinet.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "psirt@fortinet.com", "description": [{"lang": "en", "value": "CWE-613"}]}], "descriptions": [{"lang": "en", "value": "An insufficient session expiration vulnerability [CWE-613] in FortiSandbox FortiSandbox version 4.4.4 and below, version 4.2.6 and below, 4.0 all versions, 3.2 all versions and FortiIsolator version 2.4 and below, 2.3 all versions, 2.2 all versions, 2.1 all versions, 2.0 all versions, 1.2 all versions may allow a remote attacker in possession of an admin session cookie to keep using that admin's session even after the admin user was deleted."}, {"lang": "es", "value": "Una vulnerabilidad de expiraci\u00f3n de sesi\u00f3n insuficiente [CWE-613] en FortiSandbox FortiSandbox versi\u00f3n 4.4.4 y anteriores, versi\u00f3n 4.2.6 y anteriores, 4.0 todas las versiones, 3.2 todas las versiones y FortiIsolator versi\u00f3n 2.4 y anteriores, 2.3 todas las versiones, 2.2 todas las versiones, 2.1 todas las versiones, 2.0 todas las versiones, 1.2 todas las versiones puede permitir que un atacante remoto en posesi\u00f3n de una cookie de sesi\u00f3n de administrador siga usando la sesi\u00f3n de ese administrador incluso despu\u00e9s de que el usuario administrador haya sido eliminado."}], "lastModified": "2025-07-22T17:07:27.987", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:fortinet:fortiisolator:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5FE46895-BF73-4346-900B-C9A7CD434028", "versionEndExcluding": "2.4.5", "versionStartIncluding": "1.2.0"}, {"criteria": "cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6D8EBB53-DB08-44EA-9FE4-87801ACA2C26", "versionEndExcluding": "4.2.7", "versionStartIncluding": "3.2.0"}, {"criteria": "cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2C77A903-42B3-41D3-BDC6-E138679B5400", "versionEndExcluding": "4.4.5", "versionStartIncluding": "4.4.0"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@fortinet.com"}