#VU97002 Improperly implemented security check for standard in FortiADC - CVE-2024-36511
Published: September 10, 2024
Vulnerability identifier: #VU97002
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2024-36511
CWE-ID: CWE-358
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
FortiADC
FortiADC
Software vendor:
Fortinet, Inc
Fortinet, Inc
Description
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to an improperly implemented security check for standard in FortiADC Web Application Firewall (WAF) when cookie security policy is enabled. A remote attacker can retrieve the initial encrypted and signed cookie protected by the feature.
Remediation
Install updates from vendor's website.