CVE-2024-32124

Published: Jul 18, 2025Modified: Jul 22, 2025

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Exploitability: 2.8 / Impact: 1.4

Source: psirt@fortinet.com (Secondary)

Description

An improper access control vulnerability [CWE-284] in FortiIsolator version 2.4.4, version 2.4.3, 2.3 all versions logging component may allow a remote authenticated read-only attacker to alter logs via a crafted HTTP request.

Affected (2)

Products: Fortinet: Fortiisolator

Fortinet

1 product

Fortiisolator

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Fortinet Fortiisolator	From 2.3.0 to 2.3.4
Fortinet Fortiisolator	From 2.4.3 to 2.4.5

Related CWEs

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (1)

https://fortiguard.fortinet.com/psirt/FG-IR-24-045

Source: psirt@fortinet.com

Vendor Advisory

Timeline

No history available yet.