CVE-2024-33507 HIGH

CVE-2024-33507

Vendor Fortinet
Product FortiIsolator
Weakness CWE-613 · Insufficient session expiration
Published October 14, 2025
Last update January 14, 2026

CVSS base score

7.0/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality None
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H/E:P/RL:X/RC:X

What the vulnerability does

01Description

An insufficient session expiration vulnerability [CWE-613] and an incorrect authorization vulnerability [CWE-863] in FortiIsolator 2.4.0 through 2.4.4, 2.3 all versions, 2.2.0, 2.1 all versions, 2.0 all versions authentication mechanism may allow remote unauthenticated attacker to deauthenticate logged in admins via crafted cookie and remote authenticated read-only attacker to gain write privilege via crafted cookie.

Key dates

02Disclosure timeline

October 14, 2025 CVE published
January 14, 2026 Record updated