virus logo PSIRT

FortiAIOps - Improper Session Management

Summary

Multiple insufficient session expiration vulnerabilities [CWE-613] in FortiAIOps may allow an attacker to re-use stolen old session tokens to perform unauthorized operations via crafted requests.

Version Affected Solution
FortiAIOps 2.0 2.0.0 Upgrade to 2.0.1 or above
FortiAIOps 1.1 Not affected Not Applicable
FortiAIOps 1.0 Not affected Not Applicable

Acknowledgement

Internally discovered and reported by Shripal Rawal of Fortinet PSIRT team.

Timeline

2024-07-09: Initial publication
IR Number FG-IR-24-069
Published Date Jul 9, 2024
Component GUI
Severity High
CVSSv3 Score 7.7
Impact Improper access control
CVE ID
Download

CVRF

CSAF