CVE-2022-45862
LOWFortiOS <7.2.6, FortiProxy <7.4.0, FortiSwitchManager <7.2.2, FortiPAM <1.4.0 - GUI Session Expiration Issue
Title source: llmDescription
An insufficient session expiration vulnerability [CWE-613] vulnerability in FortiOS 7.2.5 and below, 7.0 all versions, 6.4 all versions; FortiProxy 7.2 all versions, 7.0 all versions; FortiPAM 1.3 all versions, 1.2 all versions, 1.1 all versions, 1.0 all versions; FortiSwitchManager 7.2.1 and below, 7.0 all versions GUI may allow attackers to re-use websessions after GUI logout, should they manage to acquire the required credentials.
References (1)
Core 1
Core References
Vendor Advisory
https://fortiguard.com/psirt/FG-IR-22-445
Scores
CVSS v3
3.7
EPSS
0.0021
EPSS Percentile
43.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-613
Status
published
Products (4)
fortinet/fortios
6.4.0 - 7.2.6
fortinet/fortipam
1.0.0 - 1.4.0
fortinet/fortiproxy
7.0.0 - 7.4.0
fortinet/fortiswitchmanager
7.0.0 - 7.2.2
Published
Aug 13, 2024
Tracked Since
Feb 18, 2026