PT-2025-41942 · Fortinet · FortiIsolator
Published 2025-10-14 · Updated 2025-10-14 · CVE-2024-33507
CVSS v3.1: 9.1 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Name of the Vulnerable Software and Affected Versions
FortiIsolator versions 2.0 through 2.4.4
FortiIsolator version 2.3, all versions
FortiIsolator version 2.2.0
FortiIsolator version 2.1, all versions
Description
FortiIsolator is affected by an insufficient session expiration and an incorrect authorization issue. These flaws may allow a remote unauthenticated attacker to deauthenticate logged-in administrators through a crafted cookie. Additionally, a remote authenticated read-only attacker could gain write privileges using a crafted cookie.
Recommendations
Update FortiIsolator to a version later than 2.4.4.
Update FortiIsolator to a version later than 2.3 (all versions).
Update FortiIsolator to a version later than 2.2.0.
Update FortiIsolator to a version later than 2.1 (all versions).
Fix
Insufficient Session Expiration
Affected Products
FortiIsolator