CVE-2024-36511 LOW

CVE-2024-36511

Vendor Fortinet
Product FortiADC
Weakness CWE-358
Published September 10, 2024
Last update September 10, 2024

CVSS base score

3.4/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:U/RC:R

What the vulnerability does

01Description

An improperly implemented security check for standard vulnerability [CWE-358] in FortiADC Web Application Firewall (WAF) 7.4.0 through 7.4.4, 7.2 all versions, 7.1 all versions, 7.0 all versions, 6.2 all versions, 6.1 all versions, 6.0 all versions when cookie security policy is enabled may allow an attacker, under specific conditions, to retrieve the initial encrypted and signed cookie protected by the feature

Key dates

02Disclosure timeline

September 10, 2024 CVE published
September 10, 2024 Record updated