{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-04T09:39:17.750","vulnerabilities":[{"cve":{"id":"CVE-2024-27779","sourceIdentifier":"psirt@fortinet.com","published":"2025-07-18T08:15:25.850","lastModified":"2025-07-22T17:07:27.987","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"An insufficient session expiration vulnerability [CWE-613] in FortiSandbox FortiSandbox version 4.4.4 and below, version 4.2.6 and below, 4.0 all versions, 3.2 all versions and FortiIsolator version 2.4 and below, 2.3 all versions, 2.2 all versions, 2.1 all versions, 2.0 all versions, 1.2 all versions may allow a remote attacker in possession of an admin session cookie to keep using that admin's session even after the admin user was deleted."},{"lang":"es","value":"Una vulnerabilidad de expiración de sesión insuficiente [CWE-613] en FortiSandbox FortiSandbox versión 4.4.4 y anteriores, versión 4.2.6 y anteriores, 4.0 todas las versiones, 3.2 todas las versiones y FortiIsolator versión 2.4 y anteriores, 2.3 todas las versiones, 2.2 todas las versiones, 2.1 todas las versiones, 2.0 todas las versiones, 1.2 todas las versiones puede permitir que un atacante remoto en posesión de una cookie de sesión de administrador siga usando la sesión de ese administrador incluso después de que el usuario administrador haya sido eliminado."}],"metrics":{"cvssMetricV31":[{"source":"psirt@fortinet.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L","baseScore":6.7,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":1.2,"impactScore":5.5}]},"weaknesses":[{"source":"psirt@fortinet.com","type":"Secondary","description":[{"lang":"en","value":"CWE-613"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiisolator:*:*:*:*:*:*:*:*","versionStartIncluding":"1.2.0","versionEndExcluding":"2.4.5","matchCriteriaId":"5FE46895-BF73-4346-900B-C9A7CD434028"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*","versionStartIncluding":"3.2.0","versionEndExcluding":"4.2.7","matchCriteriaId":"6D8EBB53-DB08-44EA-9FE4-87801ACA2C26"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*","versionStartIncluding":"4.4.0","versionEndExcluding":"4.4.5","matchCriteriaId":"2C77A903-42B3-41D3-BDC6-E138679B5400"}]}]}],"references":[{"url":"https://fortiguard.fortinet.com/psirt/FG-IR-24-035","source":"psirt@fortinet.com","tags":["Vendor Advisory"]}]}}]}