CVE-2024-33509

Name of the Vulnerable Software and Affected Versions FortiWeb versions 6.3 through 7.2.1 FortiWeb version 7.0

Description An improper certificate validation issue may allow a remote and unauthenticated attacker in a Man-in-the-Middle position to decipher and/or tamper with the communication channel between the device and different endpoints used to fetch data for Web Application Firewall (WAF).

Recommendations For FortiWeb versions 6.3 through 7.2.1, update to a version that includes the fix for the improper certificate validation issue. For FortiWeb version 7.0, update to a version that includes the fix for the improper certificate validation issue. As a temporary workaround, consider restricting access to sensitive data and implementing additional security measures to minimize the risk of exploitation.