ID

VAR-202409-0961


CVE

CVE-2024-36511


TITLE

Fortinet's FortiADC Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2024-008703

DESCRIPTION

An improperly implemented security check for standard vulnerability [CWE-358] in FortiADC Web Application Firewall (WAF) 7.4.0 through 7.4.4, 7.2 all versions, 7.1 all versions, 7.0 all versions, 6.2 all versions, 6.1 all versions, 6.0 all versions when cookie security policy is enabled may allow an attacker, under specific conditions, to retrieve the initial encrypted and signed cookie protected by the feature. Fortinet's FortiADC contains an unspecified vulnerability. Information may be obtained. Fortinet FortiADC is an application delivery controller from Fortinet. Fortinet FortiADC has a security feature vulnerability, which is caused by improper implementation of security checks.

Trust: 2.16

sources: NVD: CVE-2024-36511 // JVNDB: JVNDB-2024-008703 // CNVD: CNVD-2024-39381

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2024-39381

AFFECTED PRODUCTS

vendor: fortinet, model: fortiadc, scope: gte, version: 6.0.0

Trust: 1.0

vendor: fortinet, model: fortiadc, scope: lt, version: 7.4.5

Trust: 1.0

vendor: Fortinet, model: fortiadc, scope: eq, version: 6.0.0 or later, earlier than 7.4.5

Trust: 0.8

vendor: Fortinet, model: fortiadc, scope: eq, version: -

Trust: 0.8

vendor: fortinet, model: fortiadc, scope: eq, version: 6.0.x

Trust: 0.6

vendor: fortinet, model: fortiadc, scope: eq, version: 7.1.x

Trust: 0.6

vendor: fortinet, model: fortiadc, scope: eq, version: 7.0.x

Trust: 0.6

vendor: fortinet, model: fortiadc, scope: eq, version: 6.2.x

Trust: 0.6

vendor: fortinet, model: fortiadc, scope: eq, version: 6.1.x

Trust: 0.6

vendor: fortinet, model: fortiadc, scope: eq, version: 7.2.x

Trust: 0.6

vendor: fortinet, model: fortiadc, scope: gte, version: 7.4.0,<=7.4.4

Trust: 0.6

sources: CNVD: CNVD-2024-39381 // JVNDB: JVNDB-2024-008703 // NVD: CVE-2024-36511

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2024-36511
value: LOW

Trust: 1.0

psirt@fortinet.com: CVE-2024-36511
value: LOW

Trust: 1.0

NVD: CVE-2024-36511
value: LOW

Trust: 0.8

CNVD: CNVD-2024-39381
value: LOW

Trust: 0.6

CNVD: CNVD-2024-39381
severity: LOW
baseScore: 2.6
vectorString: AV:N/AC:H/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 4.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2024-36511
baseSeverity: LOW
baseScore: 3.7
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.2
impactScore: 1.4
version: 3.1

Trust: 2.0

NVD: CVE-2024-36511
baseSeverity: LOW
baseScore: 3.7
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2024-39381 // JVNDB: JVNDB-2024-008703 // NVD: CVE-2024-36511 // NVD: CVE-2024-36511

PROBLEMTYPE DATA

problemtype:CWE-358

Trust: 1.0

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype: Improperly implemented security checks (CWE-358) [others]

Trust: 0.8

problemtype: Lack of information (CWE-noinfo) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2024-008703 // NVD: CVE-2024-36511

PATCH

title: FG-IR-22-256, url: https://fortiguard.fortinet.com/psirt/FG-IR-22-256

Trust: 0.8

title: Patch for Fortinet FortiADC security feature issue vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/590411

Trust: 0.6

sources: CNVD: CNVD-2024-39381 // JVNDB: JVNDB-2024-008703

EXTERNAL IDS

db: NVD, id: CVE-2024-36511

Trust: 3.2

db: JVNDB, id: JVNDB-2024-008703

Trust: 0.8

db: CNVD, id: CNVD-2024-39381

Trust: 0.6

sources: CNVD: CNVD-2024-39381 // JVNDB: JVNDB-2024-008703 // NVD: CVE-2024-36511

REFERENCES

url:https://fortiguard.fortinet.com/psirt/fg-ir-22-256

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2024-36511

Trust: 0.8

sources: CNVD: CNVD-2024-39381 // JVNDB: JVNDB-2024-008703 // NVD: CVE-2024-36511

SOURCES

db: CNVD, id: CNVD-2024-39381
db: JVNDB, id: JVNDB-2024-008703
db: NVD, id: CVE-2024-36511

LAST UPDATE DATE

2024-09-30T23:22:20.045000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2024-39381, date: 2024-09-27T00:00:00
db: JVNDB, id: JVNDB-2024-008703, date: 2024-09-24T02:33:00
db: NVD, id: CVE-2024-36511, date: 2024-09-20T19:43:25.023

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2024-39381, date: 2024-09-13T00:00:00
db: JVNDB, id: JVNDB-2024-008703, date: 2024-09-24T00:00:00
db: NVD, id: CVE-2024-36511, date: 2024-09-10T15:15:16.610