CVE-2021-24019

HIGH

FortiClientEMS < 6.4.2 and <= 6.2.8 - Insufficient Session Expiration

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-24019. PoCs published by chessredoffsec.

AI-analyzed exploit summary

This repository contains a Python script that tests a list of session tokens against a FortiClient EMS 6.2.6 target to check for authentication bypass. It does not exploit the vulnerability but scans for valid tokens.

Description

An insufficient session expiration vulnerability [CWE-613] in FortiClientEMS versions 6.4.2 and below and 6.2.8 and below may allow an attacker to reuse unexpired admin user session IDs to gain admin privileges, should the attacker be able to obtain such a session ID (via other, hypothetical attacks).

Exploits (1)

nomisec SCANNER 2 stars
by chessredoffsec · poc
https://github.com/chessredoffsec/CVE-2021-24019

Classification: Scanner (90% confidence)
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: FortiClient EMS 6.2.6
Authentication: none needed
Prerequisites: List of session tokens in 'tokens.txt' · Target URL
MITRE ATT&CK
Analyzed by devstral-2 on Feb 19, 2026

References (1)

Core References
Vendor Advisory (x_refsource_confirm)
https://fortiguard.com/advisory/FG-IR-20-072

Scores

CVSS v3 8.1
EPSS 0.0384
EPSS Percentile 88.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-613
Status published
Products (1)
fortinet/forticlient_endpoint_management_server < 6.2.9
Published Oct 06, 2021
Tracked Since Feb 18, 2026