CVE-2018-13383
MEDIUM | CISA KEV | 4.3
Description
A heap buffer overflow in the SSL VPN web portal of Fortinet FortiOS 6.0.0 through 6.0.4, 5.6.0 through 5.6.10, 5.4.0 through 5.4.12, 5.2.14 and earlier and FortiProxy 2.0.0, 1.2.8 and earlier may cause termination of the SSL VPN web service for logged-in users due to a failure to properly handle JavaScript href data when proxying webpages.
CVE Details
CVSS v3.1 Score: 4.3
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Attack Vector: NETWORK
Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Published: 5/29/2019
Last Modified: 10/24/2025
Source: kev
Honeypot Sightings: 0
CISA KEV
Vendor: Fortinet
Product: FortiOS and FortiProxy
Vulnerability Name: Fortinet FortiOS and FortiProxy Out-of-bounds Write
KEV Date Added: 2022-01-10
Remediation Due Date: 2022-07-10
Ransomware Use: Known
Affected Products
fortinet:fortios
fortinet:fortiproxy
Weaknesses (CWE)
CWE-787
References
https://fortiguard.com/advisory/FG-IR-18-388 (psirt@fortinet.com)
https://fortiguard.com/advisory/FG-IR-20-229 (psirt@fortinet.com)
https://fortiguard.com/advisory/FG-IR-18-388 (af854a3a-2127-422b-91ae-364da2661108)
https://fortiguard.com/advisory/FG-IR-20-229 (af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-13383 (134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.