CVE-2024-33509

🗓️ 09 Jul 2024 15:33:24Reported by fortinetType

Improper certificate validation in FortiWeb 7.2.0 through 7.2.1 and 7.0, 6.4, 6.

Reporter	Title	Published	Views	Family All 11
Circl	CVE-2024-33509	9 Jul 202418:57	–	circl
CNNVD	Fortinet FortiWeb Trust Management Issue Vulnerability	9 Jul 202400:00	–	cnnvd
CVE	CVE-2024-33509	9 Jul 202415:33	–	cve
EUVD	EUVD-2024-31247	3 Oct 202520:07	–	euvd
Tenable Nessus	Fortinet FortiWeb ] Lack of client-side certificate validation when establishing secure connections (FG-IR-22-326)	10 Jul 202400:00	–	nessus
NCSC	Vulnerabilities fixed in Fortinet	10 Jul 202408:27	–	ncsc
NVD	CVE-2024-33509	9 Jul 202416:15	–	nvd
OSV	CVE-2024-33509	9 Jul 202416:15	–	osv
Positive Technologies	PT-2024-25283 · Fortinet · Fortiweb	9 Jul 202400:00	–	ptsecurity
RedhatCVE	CVE-2024-33509	23 May 202510:11	–	redhatcve

[
  {
    "vendor": "Fortinet",
    "product": "FortiWeb",
    "defaultStatus": "unaffected",
    "versions": [
      {
        "versionType": "semver",
        "version": "7.2.0",
        "lessThanOrEqual": "7.2.1",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "7.0.0",
        "lessThanOrEqual": "7.0.10",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "6.4.0",
        "lessThanOrEqual": "6.4.3",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "6.3.0",
        "lessThanOrEqual": "6.3.23",
        "status": "affected"
      }
    ]
  }
]

Source	Link
fortiguard	www.fortiguard.fortinet.com/psirt/FG-IR-22-326

09 Jul 2024 15:33Current

CVSS 3.14.8

EPSS0.00189

CWE-295