CVE-2020-6644 is a vulnerability in Fortinet FortiDeceptor
Published on June 22, 2020
An insufficient session expiration vulnerability in FortiDeceptor 3.0.0 and below allows an attacker to reuse the unexpired admin user session IDs to gain admin privileges, should the attacker be able to obtain that session ID via other, hypothetical attacks.
Products Associated with CVE-2020-6644
Affected Versions
Fortinet FortiDeceptor:
- Version 3.0.0 and below is affected.
- Fixed in version 3.0.1.
Exploit Probability
EPSS: 0.41%
Percentile: 60.74%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.