CVE-2024-33507

Severity
9.1 CRITICAL
EPSS
0.1%
top 68.88%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published Oct 14

Description

An insufficient session expiration vulnerability [CWE-613] and an incorrect authorization vulnerability [CWE-863] in the authentication mechanism of FortiIsolator 2.4.0 through 2.4.4, 2.3 all versions, 2.2.0, 2.1 all versions, and 2.0 all versions may allow a remote unauthenticated attacker to deauthenticate logged-in admins via a crafted cookie, and a remote authenticated read-only attacker to gain write privileges via a crafted cookie.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
Exploitability: 2.2 | Impact: 5.2

Affected Packages (2 packages)

Source       Package                  Versions
NVD          fortinet/fortiisolator   2.3.0   2.4.5
CVEListV5    fortinet/fortiisolator   2.4.0   2.4.4   (+1)

Vulnerability Details (2)

CVEList
CVE-2024-33507: An insufficient session expiration vulnerability [CWE-613] and an incorrect authorization vulnerability [CWE-863] in FortiIsolator 2... (2025-10-14)

GHSA
GHSA-q59r-m5g9-6m54: An insufficient session expiration vulnerability [CWE-613] and an incorrect authorization vulnerability [CWE-863] in FortiIsolator 2... (2025-10-14)

Vendor Advisories (1)

Fortinet
An insufficient session expiration vulnerability [CWE-613] and an incorrect authorization vulnerability [CWE-863] in For... (2025-10-14)
CVE-2024-33507 (CRITICAL CVSS 9.1) | An insufficient session expiration | cvebase.io