Potential vulnerbility in FortiADC WAF could allow unauthorized access to encrypted and signed cookies

CVE-2024-36511

3.7LOW

Key Information

Vendor
Fortinet
Status
Fortiadc
Vendor
CVE Published:
10 September 2024

Summary

An improperly implemented security check for standard vulnerability [CWE-358] in FortiADC Web Application Firewall (WAF) 7.4.0 through 7.4.4, 7.2 all versions, 7.1 all versions, 7.0 all versions, 6.2 all versions, 6.1 all versions, 6.0 all versions when cookie security policy is enabled may allow an attacker, under specific conditions, to retrieve the initial encrypted and signed cookie protected by the feature

Affected Version(s)

FortiADC <= 7.4.4

FortiADC <= 7.2.7

FortiADC <= 7.1.4

Refferences

CVSS V3.1

Score:
3.7
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database
.