Unrated severity · NVD Advisory · Published Oct 14, 2025 · Updated Jan 14, 2026
CVE-2024-33507
Description
An insufficient session expiration vulnerability [CWE-613] and an incorrect authorization vulnerability [CWE-863] in the authentication mechanism of FortiIsolator 2.4.0 through 2.4.4, 2.3 all versions, 2.2.0, 2.1 all versions, and 2.0 all versions may allow a remote unauthenticated attacker to deauthenticate logged-in admins via a crafted cookie, and a remote authenticated read-only attacker to gain write privilege via a crafted cookie.
Affected products
- cpe:2.3:a:fortinet:fortiisolator:2.4.4:*:*:*:*:*:*:* (range: 2.4.0)
- (no CPE) (range: >=2.0, <=2.4.4)