CVE-2024-36511

CVE Database · CVE-2024-36511

CVE-2024-36511

· LOWAnalyzed

CVSS v3.1

3.7

EPSS

0.38%

Published

Sep 10, 2024

Modified

Sep 20, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

An improperly implemented security check for standard vulnerability [CWE-358] in FortiADC Web Application Firewall (WAF) 7.4.0 through 7.4.4, 7.2 all versions, 7.1 all versions, 7.0 all versions, 6.2 all versions, 6.1 all versions, 6.0 all versions when cookie security policy is enabled may allow an attacker, under specific conditions, to retrieve the initial encrypted and signed cookie protected by the feature

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Weaknesses (CWE)

CWE-358

Affected Products (1)

fortinet · fortiadc (up to 7.4.5)vulnerable

References (1)

https://fortiguard.fortinet.com/psirt/FG-IR-22-256

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs