#VU94010 Improper certificate validation in FortiWeb - CVE-2024-33509

 


Published: July 9, 2024


Vulnerability identifier: #VU94010
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2024-33509
CWE-ID: CWE-295
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: FortiWeb
Software vendor: Fortinet, Inc

Description

The vulnerability allows a remote attacker to perform a man-in-the-middle (MitM) attack.

The vulnerability exists due to improper certificate validation. A remote user can tamper with the communication channel between the device and the different endpoints it uses to fetch data for the Web Application Firewall (WAF).


Remediation

Install updates from the vendor's website.
