Lucene search

[email protected]NVD:CVE-2024-27782

HistoryJul 09, 2024 - 4:15 p.m.

CVE-2024-27782

2024-07-0916:15:05

CWE-613

[email protected]

web.nvd.nist.gov

cve-2024-27782

fortiaiops

session expiration

cwe-613

unauthorized operations

crafted requests

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

39.6%

JSON

Multiple insufficient session expiration vulnerabilities [CWE-613] in FortiAIOps version 2.0.0 may allow an attacker to re-use stolen old session tokens to perform unauthorized operations via crafted requests.

Affected configurations

Nvd

Node

fortinetfortiaiopsMatch2.0.0

VendorProductVersionCPE
fortinetfortiaiops2.0.0cpe:2.3:a:fortinet:fortiaiops:2.0.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
fortinet	fortiaiops	2.0.0	cpe:2.3:a:fortinet:fortiaiops:2.0.0:::::::*

References

fortiguard.fortinet.com/psirt/FG-IR-24-069

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

39.6%

JSON

Related for NVD:CVE-2024-27782

cvelist1 cve1 vulnrichment1