An improper certificate validation vulnerability [CWE-295] in FortiWeb 7.2.0 through 7.2.1, 7.0 all versions, 6.4 all versions and 6.3 all versions may allow a remote and unauthenticated attacker in a Man-in-the-Middle position to decipher and/or tamper with the communication channel between the device and different endpoints used to fetch data for Web Application Firewall (WAF).
                
References
| Link | Resource |
|---|---|
| https://fortiguard.fortinet.com/psirt/FG-IR-22-326 | Vendor Advisory |
History
21 Nov 2024, 09:17
| Type | Values Removed | Values Added | 
|---|---|---|
| References | () https://fortiguard.fortinet.com/psirt/FG-IR-22-326 - Vendor Advisory | 
09 Sep 2024, 17:06
| Type | Values Removed | Values Added | 
|---|---|---|
| Summary | | |
| References | () https://fortiguard.fortinet.com/psirt/FG-IR-22-326 - Vendor Advisory | |
| CPE | cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:* | |
| First Time | Fortinet Fortinet fortiweb | 
09 Jul 2024, 16:15
| Type | Values Removed | Values Added | 
|---|---|---|
| New CVE | 
Information
Published : 2024-07-09 16:15
Updated : 2024-11-21 09:17
NVD link : CVE-2024-33509
Mitre link : CVE-2024-33509
CVE.ORG link : CVE-2024-33509
Products Affected
fortinet
- fortiweb
CWE
CWE-295 Improper Certificate Validation
