CVE-2024-36511

An improperly implemented security check for standard vulnerability [CWE-358] in FortiADC Web Application Firewall (WAF) 7.4.0 through 7.4.4, 7.2 all versions, 7.1 all versions, 7.0 all versions, 6.2 all versions, 6.1 all versions, 6.0 all versions when cookie security policy is enabled may allow an attacker, under specific conditions, to retrieve the initial encrypted and signed cookie protected by the feature

Published: Sep 10, 2024
Updated: May 4, 2025
CVE: CVE-2024-36511
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 3.7
AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
fortinet / fortiadc	6.0.0	7.4.5

https://fortiguard.fortinet.com/psirt/FG-IR-22-256

Vulnerability Database

289,697

CVE-2024-36511