Access control bypass in logging component

Summary

An improper access control vulnerability [CWE-284] in the FortiIsolator logging component may allow a remote authenticated read-only attacker to alter logs via a crafted HTTP request.

| Version | Affected | Solution |
|---|---|---|
| FortiIsolator 3.0 | Not affected | Not Applicable |
| FortiIsolator 2.4 | 2.4.3 through 2.4.4 | Upgrade to 2.4.5 or above |
| FortiIsolator 2.3 | 2.3 all versions | Migrate to a fixed release |
| FortiIsolator 2.2 | Not affected | Not Applicable |

Acknowledgement

Internally discovered and reported by Leslie Zhou of the Fortinet Vulnerability Research team.

Timeline

2025-07-08: Initial publication