← Back

CVE-2024-36511

nvd nist
Published: Sep 10, 2024Modified: Sep 20, 2024

JSON object

Loading...
3.7
Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Exploitability: 2.2 / Impact: 1.4
Source: NVD

Description

An improperly implemented security check for standard vulnerability [CWE-358] in FortiADC Web Application Firewall (WAF) 7.4.0 through 7.4.4, 7.2 all versions, 7.1 all versions, 7.0 all versions, 6.2 all versions, 6.1 all versions, 6.0 all versions when cookie security policy is enabled may allow an attacker, under specific conditions, to retrieve the initial encrypted and signed cookie protected by the feature

Affected (1)

Products: Fortinet: Fortiadc
Fortinet
1 product
Fortiadc
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Fortiadc
From 6.0.0 to 7.4.5

Related CWEs

CWE-358
Improperly Implemented Security Check for Standard
The product does not implement or incorrectly implements one or more security-relevant checks as specified by the design of a standardized algorithm, protocol, or technique.

References (1)

Source: psirt@fortinet.com
Vendor Advisory

Timeline

No history available yet.