FortiIsolator 2.4.x Improper Access Control in Logging HTTP Component Allows Log Alteration
CVE-2024-32124 Published on July 18, 2025
An improper access control vulnerability [CWE-284] in FortiIsolator version 2.4.4, version 2.4.3, 2.3 all versions logging component may allow a remote authenticated read-only attacker to alter logs via a crafted HTTP request.
Vulnerability Analysis
CVE-2024-32124 is exploitable with network access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, with no impact on integrity, and no impact on availability.
Weakness Type
What is an Authorization Vulnerability?
The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
CVE-2024-32124 has been classified to as an Authorization vulnerability or weakness.
Products Associated with CVE-2024-32124
Want to know whenever a new CVE is published for Fortinet Fortiisolator? stack.watch will email you.
Affected Versions
Fortinet FortiIsolator:- Version 2.4.3, <= 2.4.4 is affected.
- Version 2.3.0, <= 2.3.4 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.