CNNVD-202510-1982 Information
CNNVD ID
CNNVD-202510-1982
Related CVE
- CNNVD Published: 2025-10-14
Description (Chinese)
Fortinet FortiIsolator是美国飞塔(Fortinet)公司的一个为浏览器提供远程安全隔离功能的应用。该应用为Fortinet Security Fabric添加了额外的高级威胁防护功能,并保护关键业务数据免受网络上复杂威胁的侵害。来自Web的内容和文件在远程容器中访问,然后将无风险的内容呈现给用户。 Fortinet FortiIsolator存在代码问题漏洞,该漏洞源于会话过期不足和授权不当,可能导致远程未经验证攻击者通过特制cookie取消管理员认证,以及远程经验证只读攻击者通过特制cookie获得写入权限。以下版本受到影响:2.4.0版本至2.4.4版本、2.3所有版本、2.2.0版本、2.1所有版本和2.0所有版本。
Description (English)
Fortinet FortiIsolator is an application of Fortinet to provide long-range safety isolation for browsers. The application added additional advanced threat protection to Fortinet Security Fabric and protected critical operational data from complex threats on the web. Content and files from Web are accessed in remote containers and no risk content is presented to users. Fortinet FortiIsolator has a code loophole, which stems from expired sessions and inappropriate authorization, which may result in remote uncertified assailants de-certifying their administrators through custom-made cookies and remote empirical certificate-read-only assailants obtaining write-off privileges through custom-made cookies. The following versions were affected: 2.4.0 to 2.4.4, 2.3 to all, 2.2.0, 2.1 to all and 2.0.
Hazard Level
High
Vulnerability Type
代码问题
Affected Vendor
飞塔
Published
2025-10-14
Last Modified
2026-02-24
References
https://fortiguard.fortinet.com/psirt/FG-IR-24-062 https://access.redhat.com/security/cve/cve-2024-33507
Patch
https://fortiguard.fortinet.com/psirt/FG-IR-24-062
Share on: