{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-36511", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "state": "PUBLISHED", "assignerShortName": "fortinet", "dateReserved": "2024-05-29T08:44:50.760Z", "datePublished": "2024-09-10T14:37:47.230Z", "dateUpdated": "2024-09-10T17:34:14.478Z"}, "containers": {"cna": {"affected": [{"vendor": "Fortinet", "product": "FortiADC", "cpes": ["cpe:2.3:h:fortinet:fortiadc:7.4.4:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:7.4.3:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:7.2.7:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:7.2.6:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:7.2.5:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:7.2.4:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:7.2.3:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:7.2.2:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:7.2.1:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:7.1.4:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:7.1.3:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:7.1.2:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:7.1.1:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:7.1.0:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:6.2.6:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:6.2.5:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:6.2.4:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:6.2.3:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:6.2.2:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:6.2.1:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:6.2.0:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:6.1.6:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:6.1.5:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:6.1.4:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:6.1.3:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:6.1.2:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:6.1.1:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:6.1.0:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:6.0.4:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:6.0.3:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:6.0.0:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"versionType": "semver", "version": "7.4.0", "lessThanOrEqual": "7.4.4", "status": "affected"}, {"versionType": "semver", "version": "7.2.0", "lessThanOrEqual": "7.2.7", "status": "affected"}, {"versionType": "semver", "version": "7.1.0", "lessThanOrEqual": "7.1.4", "status": "affected"}, {"versionType": "semver", "version": "7.0.0", "lessThanOrEqual": "7.0.5", "status": "affected"}, {"versionType": "semver", "version": "6.2.0", "lessThanOrEqual": "6.2.6", "status": "affected"}, {"versionType": "semver", "version": "6.1.0", "lessThanOrEqual": "6.1.6", "status": "affected"}, {"versionType": "semver", "version": "6.0.0", "lessThanOrEqual": "6.0.4", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "An improperly implemented security check for standard vulnerability [CWE-358] in FortiADC Web Application Firewall (WAF) 7.4.0 through 7.4.4, 7.2 all versions, 7.1 all versions, 7.0 all versions, 6.2 all versions, 6.1 all versions, 6.0 all versions when cookie security policy is enabled may allow an attacker, under specific conditions, to retrieve the initial encrypted and signed cookie protected by the feature"}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2024-09-10T14:37:47.230Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-358", "description": "Information disclosure", "type": "CWE"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.4, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:U/RC:R"}}], "solutions": [{"lang": "en", "value": "Please upgrade to FortiADC version 7.6.0 or above \nPlease upgrade to FortiADC version 7.4.5 or above"}], "references": [{"name": "https://fortiguard.fortinet.com/psirt/FG-IR-22-256", "url": "https://fortiguard.fortinet.com/psirt/FG-IR-22-256"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-10T17:34:03.029026Z", "id": "CVE-2024-36511", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-10T17:34:14.478Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-36511", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T17:34:03.029026Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-10T17:34:10.691Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.4, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:U/RC:R", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}], "affected": [{"cpes": ["cpe:2.3:h:fortinet:fortiadc:7.4.4:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:7.4.3:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:7.2.7:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:7.2.6:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:7.2.5:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:7.2.4:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:7.2.3:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:7.2.2:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:7.2.1:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:7.1.4:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:7.1.3:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:7.1.2:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:7.1.1:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:7.1.0:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:6.2.6:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:6.2.5:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:6.2.4:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:6.2.3:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:6.2.2:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:6.2.1:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:6.2.0:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:6.1.6:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:6.1.5:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:6.1.4:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:6.1.3:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:6.1.2:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:6.1.1:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:6.1.0:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:6.0.4:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:6.0.3:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:6.0.0:*:*:*:*:*:*:*"], "vendor": "Fortinet", "product": "FortiADC", "versions": [{"status": "affected", "version": "7.4.0", "versionType": "semver", "lessThanOrEqual": "7.4.4"}, {"status": "affected", "version": "7.2.0", "versionType": "semver", "lessThanOrEqual": "7.2.7"}, {"status": "affected", "version": "7.1.0", "versionType": "semver", "lessThanOrEqual": "7.1.4"}, {"status": "affected", "version": "7.0.0", "versionType": "semver", "lessThanOrEqual": "7.0.5"}, {"status": "affected", "version": "6.2.0", "versionType": "semver", "lessThanOrEqual": "6.2.6"}, {"status": "affected", "version": "6.1.0", "versionType": "semver", "lessThanOrEqual": "6.1.6"}, {"status": "affected", "version": "6.0.0", "versionType": "semver", "lessThanOrEqual": "6.0.4"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Please upgrade to FortiADC version 7.6.0 or above \nPlease upgrade to FortiADC version 7.4.5 or above"}], "references": [{"url": "https://fortiguard.fortinet.com/psirt/FG-IR-22-256", "name": "https://fortiguard.fortinet.com/psirt/FG-IR-22-256"}], "descriptions": [{"lang": "en", "value": "An improperly implemented security check for standard vulnerability [CWE-358] in FortiADC Web Application Firewall (WAF) 7.4.0 through 7.4.4, 7.2 all versions, 7.1 all versions, 7.0 all versions, 6.2 all versions, 6.1 all versions, 6.0 all versions when cookie security policy is enabled may allow an attacker, under specific conditions, to retrieve the initial encrypted and signed cookie protected by the feature"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-358", "description": "Information disclosure"}]}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2024-09-10T14:37:47.230Z"}}}, "cveMetadata": {"cveId": "CVE-2024-36511", "state": "PUBLISHED", "dateUpdated": "2024-09-10T17:34:14.478Z", "dateReserved": "2024-05-29T08:44:50.760Z", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "datePublished": "2024-09-10T14:37:47.230Z", "assignerShortName": "fortinet"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "An improperly implemented security check for standard vulnerability [CWE-358] in FortiADC Web Application Firewall (WAF) 7.4.0 through 7.4.4, 7.2 all versions, 7.1 all versions, 7.0 all versions, 6.2 all versions, 6.1 all versions, 6.0 all versions when cookie security policy is enabled may allow an attacker, under specific conditions, to retrieve the initial encrypted and signed cookie protected by the feature"}], "id": "CVE-2024-36511", "lastModified": "2024-09-10T15:50:47.237", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 1.4, "source": "psirt@fortinet.com", "type": "Secondary"}]}, "published": "2024-09-10T15:15:16.610", "references": [{"source": "psirt@fortinet.com", "url": "https://fortiguard.fortinet.com/psirt/FG-IR-22-256"}], "sourceIdentifier": "psirt@fortinet.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-358"}], "source": "psirt@fortinet.com", "type": "Primary"}]}

{}