Vulnerability CVE-2020-6644


Published: 2020-06-22

Description:
An insufficient session expiration vulnerability in FortiDeceptor 3.0.0 and below allows an attacker to reuse the unexpired admin user session IDs to gain admin privileges, should the attacker be able to obtain that session ID via other, hypothetical attacks.

Type:
CWE-613 (Insufficient Session Expiration)

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVSS Base Score: 6.8/10
Impact Subscore: 6.4/10
Exploitability Subscore: 8.6/10

Exploit range: Remote
Attack complexity: Medium
Authentication: Not required

Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

Affected software:
Fortinet -> FortiDeceptor

References:
https://fortiguard.com/advisory/FG-IR-20-006

Copyright 2024, cxsecurity.com

 
