CVE-2024-50562

4.8 MEDIUM

An Insufficient Session Expiration vulnerability [CWE-613] in FortiOS SSL-VPN version 7.6.0, version 7.4.6 and below, version 7.2.10 and ...

Published: 2025-06-10 · Last updated: 2026-06-09

Severity and scoring

CVSS: 4.8 MEDIUM
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
CWE: CWE-613

Affected products

Vendor	Product
fortinet	fortios, fortisase

Description

An Insufficient Session Expiration vulnerability [CWE-613] in FortiOS SSL-VPN version 7.6.0, version 7.4.6 and below, version 7.2.10 and below, 7.0 all versions, 6.4 all versions may allow an attacker in possession of a cookie used to log in the SSL-VPN portal to log in again, although the session has expired or was logged out.

Source: NVD

References

[NVD]https://nvd.nist.gov/vuln/detail/CVE-2024-50562
[Vendor advisory]https://fortiguard.fortinet.com/psirt/FG-IR-24-339
[Other]https://cert-portal.siemens.com/productcert/html/ssa-864900.html

Related CVEs

Same vendor

CVE-2026-49938 — A improper access control vulnerability in Fortinet FortiPortal 7.4.0 through 7.4.7, FortiPortal 7.2.0 through 7.2.8, FortiPortal 7.0 all... (6.5 MEDIUM)
CVE-2026-25089 — A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox 5.0.0... (9.8 CRITICAL)
CVE-2025-67862 — An Internal Asset Exposed to Unsafe Debug Access Level or State vulnerability [CWE-1244] vulnerability in Fortinet FortiOS 7.6.0 through ... (6.7 MEDIUM)
CVE-2026-44277 — A improper access control vulnerability in Fortinet FortiAuthenticator 8.0.2, FortiAuthenticator 8.0.0, FortiAuthenticator 6.6.0 through ... (9.8 CRITICAL)
CVE-2026-25690 — An improper neutralization of argument delimiters in a command ('argument injection') vulnerability in Fortinet FortiDeceptor 6.0.0 throu... (4.3 MEDIUM)

Same CWE

CVE-2026-53843 — OpenClaw before 2026.5.26 contains an authorization bypass vulnerability where a surviving pairing-scoped device session can re-establish... (8.8 HIGH)
CVE-2026-53776 — Perry before 0.5.1166 contains a JWT validation vulnerability that allows remote attackers to bypass token expiration by exploiting the u... (9.1 CRITICAL)
CVE-2026-44188 — A flaw was found in Ansible Lightspeed (5.3 MEDIUM)
CVE-2026-53830 — OpenClaw before 2026.4.22 contains a webhook secret revocation bypass vulnerability allowing callers with old Slack and Zalo webhook secr... (6.5 MEDIUM)
CVE-2026-53824 — OpenClaw before 2026.4.24 contains a token revocation vulnerability allowing callers with revoked slash tokens to continue executing comm... (6.5 MEDIUM)