Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-36511

An improperly implemented security check for standard vulnerability [CWE-358] in FortiADC Web Application Firewall (WAF) 7.4.0 through 7.4.4, 7.2 all versions, 7.1 all versions, 7.0 all versions, 6.2 all versions, 6.1 all versions, 6.0 all versions when cookie security policy is enabled may allow an attacker, under specific conditions, to retrieve the initial encrypted and signed cookie protected by the feature

Published

2024-09-10T15:15:16.610

Last Modified

2024-09-20T19:43:25.023

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 3.7 (LOW)

Weaknesses

Type: Secondary
CWE-358
Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	fortinet	fortiadc	< 7.4.5	Yes

References

https://fortiguard.fortinet.com/psirt/FG-IR-22-256 Vendor Advisory ([email protected])