Fortinet FortiIsolator Insufficient Session Expiration and Incorrect Authorization Vulnerability

Vulnerability

A vulnerability combining insufficient session expiration with incorrect authorization has been identified in Fortinet FortiIsolator versions 2.4.0 through 2.4.4, all versions of 2.3, version 2.2.0, and all versions of 2.1 and 2.0. It may enable a remote unauthenticated attacker to deauthenticate logged-in administrators by sending a crafted cookie. Additionally, a remote authenticated read-only attacker could gain write privileges through a similar method.

Impact

Exploitation of this vulnerability could lead to a denial-of-service condition by deauthenticating logged-in administrators. Furthermore, it could allow an authenticated read-only attacker to gain unauthorized write privileges, potentially leading to further exploitation or manipulation of the system.
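The two outcomes described above (a forged cookie ending other users' sessions, and a read-only user obtaining write rights) are typical of servers that act on identity or role fields carried in the cookie itself. The following is an added illustration of that vulnerability class, not FortiIsolator's code and not a description of its actual internals: a weak session handler that trusts cookie fields sits beside a hardened one that only honours an HMAC-tagged opaque session id and resolves the role from server-side state. The key, store and cookie layouts are constructed for the demo.

```python
import hashlib
import hmac
import secrets

# Constructed demo key and in-memory session store; not FortiIsolator's own code or data.
SERVER_KEY = b"constructed-demo-key-do-not-reuse"
SESSIONS = {}  # session_id -> {"user": str, "role": str}


def login(user, role):
    """Create a server-side session; the role lives only here, never in the cookie."""
    sid = secrets.token_hex(16)
    SESSIONS[sid] = {"user": user, "role": role}
    return sid


# ---- Weak pattern: the server trusts identity and role fields carried in the cookie ----

def parse_weak_cookie(cookie):
    return dict(kv.split("=", 1) for kv in cookie.split(";") if "=" in kv)


def weak_logout(cookie):
    """Ends every session of the user named in the cookie; nothing proves the caller owns them."""
    victim = parse_weak_cookie(cookie).get("user")
    doomed = [sid for sid, s in SESSIONS.items() if s["user"] == victim]
    for sid in doomed:
        del SESSIONS[sid]
    return len(doomed)


def weak_can_write(cookie):
    """Authorization decided by a client-controlled role field."""
    return parse_weak_cookie(cookie).get("role") == "admin"


# ---- Hardened pattern: opaque id + HMAC tag, session state and role resolved server-side ----

def issue_cookie(sid):
    tag = hmac.new(SERVER_KEY, sid.encode(), hashlib.sha256).hexdigest()
    return f"{sid}.{tag}"


def resolve_session(cookie):
    """Return the session only if the cookie is well-formed, authentic and still active."""
    try:
        sid, tag = cookie.split(".", 1)
    except ValueError:
        return None
    expected = hmac.new(SERVER_KEY, sid.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, expected):
        return None
    return SESSIONS.get(sid)


def hardened_logout(cookie):
    """Only the authenticated bearer's own session is terminated."""
    if resolve_session(cookie) is None:
        return False
    sid = cookie.split(".", 1)[0]
    del SESSIONS[sid]
    return True


def hardened_can_write(cookie):
    s = resolve_session(cookie)
    return s is not None and s["role"] == "admin"


def demo():
    """Run the same forged cookie against both handlers and report what each allowed."""
    SESSIONS.clear()
    login("admin", "admin")
    viewer_sid = login("viewer", "readonly")
    forged = "user=admin;role=admin"  # constructed attacker-controlled cookie, no secret needed
    # Weak server: the forgery logs the admin out and grants write access.
    weak_results = (weak_logout(forged), weak_can_write(forged))
    # Hardened server: the forgery and a wrong-tag cookie are rejected; only the bearer's own session ends.
    admin_cookie = issue_cookie(login("admin", "admin"))
    viewer_cookie = issue_cookie(viewer_sid)
    hardened_results = (
        hardened_logout(forged),
        hardened_logout(viewer_sid + "." + "0" * 64),  # right id, wrong tag
        hardened_can_write(viewer_cookie),
        hardened_can_write(admin_cookie),
        hardened_logout(viewer_cookie),
        hardened_can_write(viewer_cookie),  # session gone after logout
    )
    return weak_results, hardened_results
```

The hardened handler also gives a detection hook: every rejected cookie in resolve_session is a well-defined event (malformed, bad tag, or unknown/expired id) that can be logged and alerted on, whereas the weak handler has nothing to distinguish a forged cookie from a legitimate one.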

Remediation

Users are advised to upgrade FortiIsolator to version 2.4.5 or above. For those on FortiIsolator 2.3, migrating to a fixed release is recommended.

Added: Oct 14, 2025, 4:36 PM
Updated: Oct 14, 2025, 11:15 PM

Vulnerability Rating (Custom Algorithm)

spread: 1.4
impact: 5.0
exploitability: 7.0
remediation: 7.7
relevance: 0.7
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.