CVE-2024-36511

Summary

An improperly implemented security check for standard vulnerability [CWE-358] in FortiADC Web Application Firewall (WAF) 7.4.0 through 7.4.4, 7.2 all versions, 7.1 all versions, 7.0 all versions, 6.2 all versions, 6.1 all versions, 6.0 all versions when cookie security policy is enabled may allow an attacker, under specific conditions, to retrieve the initial encrypted and signed cookie protected by the feature

Affected Software

VendorProductVersion RangeStatus
FortinetFortiADC7.4.0 <= 7.4.4affected
FortinetFortiADC7.2.0 <= 7.2.7affected
FortinetFortiADC7.1.0 <= 7.1.4affected
FortinetFortiADC7.0.0 <= 7.0.5affected
FortinetFortiADC6.2.0 <= 6.2.6affected
FortinetFortiADC6.1.0 <= 6.1.6affected
FortinetFortiADC6.0.0 <= 6.0.4affected

Weaknesses

  • CWE-358: Information disclosure

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References