← Zuruck zu CVEs

CVE-2018-13382

CRITICALCISA KEV

9.1

Beschreibung

An Improper Authorization vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.8 and 5.4.1 to 5.4.10 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to modify the password of an SSL VPN web portal user via specially crafted HTTP requests

CVE Details

CVSS v3.1 Bewertung9.1

SchweregradCRITICAL

CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

AngriffsvektorNETWORK

KomplexitatLOW

Erforderliche PrivilegienNONE

BenutzerinteraktionNONE

Veroffentlicht6/4/2019

Zuletzt geandert10/24/2025

Quellekev

Honeypot-Sichtungen0

CISA KEV

HerstellerFortinet

ProduktFortiOS and FortiProxy

SchwachstellennameFortinet FortiOS and FortiProxy Improper Authorization

KEV Aufnahmedatum2022-01-10

Behebungsfrist2022-07-10

Ransomware-NutzungKnown

Betroffene Produkte

fortinet:fortiosfortinet:fortiproxy

Schwachen (CWE)

CWE-863CWE-863

Referenzen

https://fortiguard.com/advisory/FG-IR-18-389(psirt@fortinet.com)

https://www.fortiguard.com/psirt/FG-IR-20-231(psirt@fortinet.com)

https://fortiguard.com/advisory/FG-IR-18-389(af854a3a-2127-422b-91ae-364da2661108)

https://www.fortiguard.com/psirt/FG-IR-20-231(af854a3a-2127-422b-91ae-364da2661108)

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-13382(134c704f-9b21-4f2e-91b3-4a467353bcc0)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.