CVE-2018-13383
MEDIUM | CISA KEV | 4.3
Description
A heap buffer overflow in Fortinet FortiOS 6.0.0 through 6.0.4, 5.6.0 through 5.6.10, 5.4.0 through 5.4.12, 5.2.14 and earlier and FortiProxy 2.0.0, 1.2.8 and earlier in the SSL VPN web portal may cause the SSL VPN web service termination for logged-in users due to a failure to properly handle JavaScript href data when proxying webpages.
CVE Details
CVSS v3.1 score: 4.3
Severity: MEDIUM
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Attack vector: NETWORK
Complexity: LOW
Privileges required: LOW
User interaction: NONE
Published: 5/29/2019
Last modified: 10/24/2025
Source: kev
Honeypot sightings: 0
CISA KEV
Vendor: Fortinet
Product: FortiOS and FortiProxy
Vulnerability name: Fortinet FortiOS and FortiProxy Out-of-bounds Write
KEV date added: 2022-01-10
Remediation due date: 2022-07-10
Ransomware use: Known
Affected products
fortinet:fortios, fortinet:fortiproxy
Weaknesses (CWE)
CWE-787
References
https://fortiguard.com/advisory/FG-IR-18-388 (psirt@fortinet.com)
https://fortiguard.com/advisory/FG-IR-20-229 (psirt@fortinet.com)
https://fortiguard.com/advisory/FG-IR-18-388 (af854a3a-2127-422b-91ae-364da2661108)
https://fortiguard.com/advisory/FG-IR-20-229 (af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-13383 (134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.