CVE-2024-36511
Last modified
CVE-2024-36511 is a low-severity vulnerability rated 3.7/10 on the CVSS scale. An improperly implemented security check for standard vulnerability [CWE-358] in FortiADC Web Application Firewall (WAF) 7.4.0 through 7.4.4, 7.2 all versions, 7.1 all versions, 7.0 all versions, 6.2 all versions, 6.1 all versions, 6.0 all versions when cookie security policy is enabled may allow an attacker, under specific conditions, to retrieve the initial encrypted and signed cookie protected by the feature. EPSS estimates a 0.38% chance of exploitation in the next 30 days.
Description
An improperly implemented security check for standard vulnerability [CWE-358] in FortiADC Web Application Firewall (WAF) 7.4.0 through 7.4.4, 7.2 all versions, 7.1 all versions, 7.0 all versions, 6.2 all versions, 6.1 all versions, 6.0 all versions when cookie security policy is enabled may allow an attacker, under specific conditions, to retrieve the initial encrypted and signed cookie protected by the feature
Metrics
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Fortinet | Fortiadc | >= 6.0.0, < 7.4.5 |
References
- https://fortiguard.fortinet.com/psirt/FG-IR-22-256Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2024-36511?
How severe is CVE-2024-36511?
How do I fix CVE-2024-36511?
Are you affected by CVE-2024-36511?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST