exploitDog

CVE-2024-33509

Опубликовано: 09 июл. 2024

Источник: nvd

CVSS3: 4.8

EPSS Низкий

Описание

An improper certificate validation vulnerability [CWE-295] in FortiWeb 7.2.0 through 7.2.1, 7.0 all versions, 6.4 all versions and 6.3 all versions may allow a remote and unauthenticated attacker in a Man-in-the-Middle position to decipher and/or tamper with the communication channel between the device and different endpoints used to fetch data for Web Application Firewall (WAF).

Ссылки

https://fortiguard.fortinet.com/psirt/FG-IR-22-326
Vendor Advisory
https://fortiguard.fortinet.com/psirt/FG-IR-22-326
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*

Версия от 6.3.0 (включая) до 7.2.2 (исключая)

EPSS

Процентиль: 42%

0.002

Низкий

4.8 Medium

CVSS3

Дефекты

CWE-295

Связанные уязвимости

GHSA-49fh-c382-5964

CVSS3: 4.8

github

больше 1 года назад

An improper certificate validation vulnerability [CWE-295] in FortiWeb 7.2.0 through 7.2.1, 7.0 all versions, 6.4 all versions and 6.3 all versions may allow a remote and unauthenticated attacker in a Man-in-the-Middle position to decipher and/or tamper with the communication channel between the device and different endpoints used to fetch data for Web Application Firewall (WAF).

EPSS

Процентиль: 42%

0.002

Низкий

4.8 Medium

CVSS3

Дефекты

CWE-295