CVE-2024-36511

LOW

FortiADC WAF <7.4.4 - Info Disclosure

Title source: llm

Description

An improperly implemented security check for standard vulnerability [CWE-358] in FortiADC Web Application Firewall (WAF) 7.4.0 through 7.4.4, 7.2 all versions, 7.1 all versions, 7.0 all versions, 6.2 all versions, 6.1 all versions, 6.0 all versions when cookie security policy is enabled may allow an attacker, under specific conditions, to retrieve the initial encrypted and signed cookie protected by the feature

References (1)

[Vendor Advisory] https://fortiguard.fortinet.com/psirt/FG-IR-22-256

Scores

CVSS v3 3.7

EPSS 0.0041

EPSS Percentile 61.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-358

Status published

Products (1)

fortinet/fortiadc 6.0.0 - 7.4.5

Published Sep 10, 2024

Tracked Since Feb 18, 2026