Lucene search

K
nvd[email protected]NVD:CVE-2024-36511
HistorySep 10, 2024 - 3:15 p.m.

CVE-2024-36511

2024-09-1015:15:16
CWE-358
web.nvd.nist.gov
4
fortiadc waf
cve-2024-36511
cwe-358
cookie security.

CVSS3

3.7

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

17.7%

An improperly implemented security check for standard vulnerability [CWE-358] in FortiADC Web Application Firewall (WAF) 7.4.0 through 7.4.4, 7.2 all versions, 7.1 all versions, 7.0 all versions, 6.2 all versions, 6.1 all versions, 6.0 all versions when cookie security policy is enabled may allow an attacker, under specific conditions, to retrieve the initial encrypted and signed cookie protected by the feature

Affected configurations

Nvd
Node
fortinetfortiadcRange6.0.07.4.5
VendorProductVersionCPE
fortinetfortiadc*cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*

CVSS3

3.7

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

17.7%

Related for NVD:CVE-2024-36511