Main Vulnerability Database Vulnerabilities #VU97002

Improperly implemented security check for standard in FortiADC - CVE-2024-36511

Published: September 10, 2024

Vulnerability identifier: #VU97002

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2024-36511

CWE-ID: CWE-358

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Fortinet, Inc

Affected software:
FortiADC

Detailed vulnerability description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to an improperly implemented security check for standard in FortiADC Web Application Firewall (WAF) when cookie security policy is enabled. A remote attacker can retrieve the initial encrypted and signed cookie protected by the feature.

How to mitigate CVE-2024-36511

Install updates from vendor's website.

Sources

https://www.fortiguard.com/psirt/FG-IR-22-256

Improperly implemented security check for standard in FortiADC - CVE-2024-36511

Detailed vulnerability description

How to mitigate CVE-2024-36511

Sources

Please verify you're human