CVE-2018-13374
MEDIUM | CISA KEV | 4.3
Description
An Improper Access Control vulnerability in Fortinet FortiOS 6.0.2, 5.6.7 and before, FortiADC 6.1.0, 6.0.0 to 6.0.1, 5.4.0 to 5.4.4 allows an attacker to obtain the LDAP server login credentials configured in FortiGate by pointing an LDAP server connectivity test request to a rogue LDAP server instead of the configured one.
CVE Details
CVSS v3.1 Score: 4.3
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Attack Vector: NETWORK
Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Published: 1/22/2019
Last Modified: 10/24/2025
Source: kev
Honeypot Sightings: 0
CISA KEV
Vendor: Fortinet
Product: FortiOS and FortiADC
Vulnerability Name: Fortinet FortiOS and FortiADC Improper Access Control Vulnerability
KEV Date Added: 2022-09-08
Remediation Due Date: 2022-09-29
Ransomware Use: Known
Affected Products
fortinet:fortiadc
fortinet:fortios
Weaknesses (CWE)
CWE-732
References
https://fortiguard.com/advisory/FG-IR-18-157 (psirt@fortinet.com)
https://fortiguard.com/advisory/FG-IR-18-157 (af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-13374 (134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.