CVE-2024-33507

CVE Database · CVE-2024-33507

CVE-2024-33507

· HIGHAnalyzed

CVSS v3.1

7.4

EPSS

0.37%

Published

Oct 14, 2025

Modified

Oct 15, 2025

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

An insufficient session expiration vulnerability [CWE-613] and an incorrect authorization vulnerability [CWE-863] in FortiIsolator 2.4.0 through 2.4.4, 2.3 all versions, 2.2.0, 2.1 all versions, 2.0 all versions authentication mechanism may allow remote unauthenticated attacker to deauthenticate logged in admins via crafted cookie and remote authenticated read-only attacker to gain write privilege via crafted cookie.

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H

Weaknesses (CWE)

CWE-613

Affected Products (1)

fortinet · fortiisolator (up to 2.4.5)vulnerable

References (1)

https://fortiguard.fortinet.com/psirt/FG-IR-24-062

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs