CVE-2024-36511

CWE-358 | 4 documents | 4 sources

Severity: 3.7 LOW
EPSS: 0.4% (top 38.84%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Sep 10

Description

An improperly implemented security check for standard vulnerability [CWE-358] in FortiADC Web Application Firewall (WAF) 7.4.0 through 7.4.4, 7.2 all versions, 7.1 all versions, 7.0 all versions, 6.2 all versions, 6.1 all versions, 6.0 all versions, when the cookie security policy is enabled, may allow an attacker, under specific conditions, to retrieve the initial encrypted and signed cookie protected by the feature.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Exploitability: 2.2 | Impact: 1.4

Affected Packages (2 packages)

Source | Package | Range start | Range end
NVD | fortinet/fortiadc | 6.0.0 | 7.4.5
CVEListV5 | fortinet/fortiadc | 7.4.0 | 7.4.4 (+6 more ranges)

Vulnerability Details (2)

CVEList: CVE-2024-36511: An improperly implemented security check for standard vulnerability [CWE-358] in FortiADC Web Application Firewall (WAF) 7... (2024-09-10)
GHSA: GHSA-4r99-7p57-xjr3: An improperly implemented security check for standard vulnerability [CWE-358] in FortiADC Web Application Firewall (WAF) 7... (2024-09-10)

Vendor Advisories (1)

Fortinet: An improperly implemented security check for standard vulnerability [CWE-358] in FortiADC Web Application Firewall (WAF)... (2024-09-10)
CVE-2024-36511 (LOW CVSS 3.7) | An improperly implemented security | cvebase.io