1483 matches found

Cvelist
added 2025/06/10 4:36 p.m. · 13 views

CVE-2024-50562

An Insufficient Session Expiration vulnerability CWE-613 in FortiOS SSL-VPN version 7.6.0, version 7.4.6 and below, version 7.2.10 and below, 7.0 all versions, 6.4 all versions may allow an attacker in possession of a cookie used to log in the SSL-VPN portal to log in again, although the session...

4.8 CVSS · 0.00758 EPSS
Exploits: 3 · References: 1
Vulnrichment
added 2025/06/10 4:36 p.m. · 6 views

CVE-2024-50562

An Insufficient Session Expiration vulnerability CWE-613 in FortiOS SSL-VPN version 7.6.0, version 7.4.6 and below, version 7.2.10 and below, 7.0 all versions, 6.4 all versions may allow an attacker in possession of a cookie used to log in the SSL-VPN portal to log in again, although the session...

4.8 CVSS · 7 AI score · 0.00758 EPSS
Exploits: 3 · References: 1
Positive Technologies
added 2025/06/10 12:0 a.m. · 8 views

PT-2025-24717 · Fortinet · Fortios

Name of the Vulnerable Software and Affected Versions: FortiOS versions 6.4 and earlier; FortiOS versions 7.0 and earlier; FortiOS versions 7.2 and earlier; FortiOS versions 7.4.7 and earlier; FortiOS version 7.6.0. Description: The issue allows an authenticated user to access full SSL-VPN settings vi...

4.3 CVSS · 5.7 AI score · 0.0022 EPSS
Exploits: 0 · References: 7
CNNVD
added 2025/06/10 12:0 a.m. · 3 views

Fortinet FortiOS SSL-VPN Code Issue Vulnerability

Fortinet FortiOS SSL-VPN is a VPN software from Fortinet, Inc. A code issue vulnerability exists in Fortinet FortiOS SSL-VPN version 7.6.0, 7.4.6 and below, 7.2.10 and below, all versions of 7.0, and all versions of 6.4, which stems from an insufficient session expiration, and could allow an...

4.8 CVSS · 6.6 AI score · 0.00758 EPSS
Exploits: 3 · References: 4
Positive Technologies
added 2025/06/10 12:0 a.m. · 5 views

PT-2025-24709 · Fortinet · Fortios Ssl-Vpn +1

Name of the Vulnerable Software and Affected Versions: FortiOS SSL-VPN versions 7.6.0, 7.4.6 and below, 7.2.10 and below, 7.0 all versions, 6.4 all versions. Description: The issue is related to an Insufficient Session Expiration, which may allow an attacker with a cookie used to log in to the...

4.8 CVSS · 6.2 AI score · 0.00758 EPSS
Exploits: 3 · References: 5
Tenable Nessus
added 2025/06/10 12:0 a.m. · 8 views

Fortinet Fortigate Insufficient Session Expiration in SSL-VPN cookie (FG-IR-24-339)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-24-339 advisory. - An Insufficient Session Expiration vulnerability CWE-613 in FortiOS SSL-VPN version 7.6.0, version 7.4.6 and below, version...

4.8 CVSS · 5.6 AI score · 0.00758 EPSS
Exploits: 3 · References: 2
CNNVD
added 2025/06/10 12:0 a.m. · 2 views

Fortinet FortiOS Information Disclosure Vulnerability

Fortinet FortiOS is a set of security operating systems dedicated to the FortiGate network security platform from the U.S. company Fiat Fortinet. The system provides users with firewall, antivirus, IPSec/SSLVPN, Web content filtering and anti-spam and other security features. An information...

4.3 CVSS · 5.8 AI score · 0.0022 EPSS
Exploits: 0 · References: 3
CNVD
added 2025/05/27 12:0 a.m. · 1 views

Arbitrary File Read Vulnerability in SSL VPN of Beijing NetGuard Nebula Information Technology Co.

Beijing Netnifty Information Technology Co., Ltd. is a leading enterprise in the domestic information security industry, specializing in the research, development, production and sales of information security products. Beijing NetGuard Nebula Information Technology Co. Ltd NetGuard Nebula-SSL-VPN...

6.8 AI score
Exploits: 0
RedhatCVE
added 2025/05/23 10:38 a.m. · 7 views

CVE-2024-20513

A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition for targeted users of the AnyConnect service on an affected device. This vulnerability is due to...

5.8 CVSS · 7 AI score · 0.00298 EPSS
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/23 10:38 a.m. · 8 views

CVE-2024-20502

A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to insufficient resource management while establishi...

7.5 CVSS · 7 AI score · 0.00348 EPSS
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/23 10:0 a.m. · 13 views

CVE-2024-23112

An authorization bypass through user-controlled key vulnerability CWE-639 in FortiOS version 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.1 through 7.0.13, 6.4.7 through 6.4.14, and FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14 SSL-VPN may allow an authenticat...

8 CVSS · 7 AI score · 0.00056 EPSS
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/23 7:57 a.m. · 6 views

CVE-2024-33510

An improper neutralization of special elements in output used by a downstream component 'Injection' vulnerability CWE-74 in FortiOS version 7.4.3 and below, version 7.2.8 and below, version 7.0.16 and below; FortiProxy version 7.4.3 and below, version 7.2.9 and below, version 7.0.16 and below;...

4.3 CVSS · 7 AI score · 0.00484 EPSS
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/23 6:14 a.m. · 6 views

CVE-2024-20493

A vulnerability in the login authentication functionality of the Remote Access SSL VPN feature of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to deny further VPN user authentications for several...

5.3 CVSS · 7.4 AI score · 0.0012 EPSS
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/23 4:32 a.m. · 7 views

CVE-2023-5748

Buffer copy without checking size of input 'Classic Buffer Overflow' vulnerability in cgi component in Synology SSL VPN Client before 1.4.7-0687 allows local users to conduct denial-of-service attacks via unspecified vectors...

5.5 CVSS · 6.7 AI score · 0.00093 EPSS
Exploits: 0
RedhatCVE
added 2025/05/23 4:32 a.m. · 3 views

CVE-2023-5593

The out-of-bounds write vulnerability in the Windows-based SecuExtender SSL VPN Client software version 4.0.4.0 could allow an authenticated local user to gain a privilege escalation by sending a crafted CREATE message...

7.8 CVSS · 7.2 AI score · 0.00065 EPSS
Exploits: 0
RedhatCVE
added 2025/05/23 4:5 a.m. · 6 views

CVE-2023-47101

The installer aka openvpn-client-installer in Securepoint SSL VPN Client before 2.0.40 allows local privilege escalation during installation or repair...

7.8 CVSS · 7 AI score · 0.00065 EPSS
Exploits: 0
RedhatCVE
added 2025/05/23 3:52 a.m. · 7 views

CVE-2023-33307

A null pointer dereference in Fortinet FortiOS before 7.2.5 and before 7.0.11, FortiProxy before 7.2.3 and before 7.0.9 allows attacker to denial of sslvpn service via specifically crafted request in network parameter...

6.5 CVSS · 6.7 AI score · 0.00084 EPSS
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/23 3:40 a.m. · 4 views

CVE-2023-45586

An insufficient verification of data authenticity vulnerability CWE-345 in Fortinet FortiOS SSL-VPN tunnel mode version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.7 and before 7.0.12 & FortiProxy SSL-VPN tunnel mode version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.7 and before 7.0.13...

5 CVSS · 6.6 AI score · 0.00215 EPSS
Exploits: 0
RedhatCVE
added 2025/05/23 1:47 a.m. · 3 views

CVE-2023-20275

A vulnerability in the AnyConnect SSL VPN feature of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an authenticated, remote attacker to send packets with another VPN user's source IP address. This vulnerability is due to improper...

4.3 CVSS · 6.8 AI score · 0.00078 EPSS
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/23 1:46 a.m. · 5 views

CVE-2023-20247

A vulnerability in the remote access SSL VPN feature of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an authenticated, remote attacker to bypass a configured multiple certificate authentication policy and connect using only a valid...

5 CVSS · 7.2 AI score · 0.00026 EPSS
Exploits: 0 · References: 1