CNNVD-202512-1168 Information
CNNVD ID
CNNVD-202512-1168
Related CVE
- CNNVD Published: 2025-12-09
Description (Chinese)
Fortinet FortiOS是美国飞塔(Fortinet)公司的一套专用于FortiGate网络安全平台上的安全操作系统。该系统为用户提供防火墙、防病毒、IPSec/SSLVPN、Web内容过滤和反垃圾邮件等多种安全功能。 Fortinet FortiOS 7.4.0版本、7.2版本、7.0版本和6.4版本存在代码问题漏洞,该漏洞源于会话过期不足,可能导致攻击者在特定条件下保持对网络资源的访问。
Description (English)
Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform of the United States of America. The system provides a wide range of security features for users, including firewalls, anti-virus, IPSEc/SSLVPN, Web content filters and anti-spam. Fortinet FortiOS version 7.4, version 7.2, version 7.0 and version 6.4 have a code gap, which stems from outdated sessions, which may lead the attackers to maintain access to network resources under certain conditions.
Hazard Level
High
Vulnerability Type
代码问题
Affected Vendor
飞塔
Published
2025-12-09
Last Modified
2026-02-24
References
https://fortiguard.fortinet.com/psirt/FG-IR-25-411 https://vigilance.fr/vulnerability/FortiOS-user-access-via-Insufficient-Session-Expiration-49036
Patch
https://fortiguard.fortinet.com/psirt/FG-IR-25-411
Share on: