← Back to CVEs

CVE-2018-13383

MEDIUMCISA KEV

4.3

Description

A heap buffer overflow in Fortinet FortiOS 6.0.0 through 6.0.4, 5.6.0 through 5.6.10, 5.4.0 through 5.4.12, 5.2.14 and earlier and FortiProxy 2.0.0, 1.2.8 and earlier in the SSL VPN web portal may cause the SSL VPN web service termination for logged in users due to a failure to properly handle javascript href data when proxying webpages.

CVE Details

CVSS v3.1 Score4.3

SeverityMEDIUM

CVSS VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Attack VectorNETWORK

ComplexityLOW

Privileges RequiredLOW

User InteractionNONE

Published5/29/2019

Last Modified10/24/2025

Sourcekev

Honeypot Sightings0

CISA KEV

VendorFortinet

ProductFortiOS and FortiProxy

Vulnerability NameFortinet FortiOS and FortiProxy Out-of-bounds Write

KEV Date Added2022-01-10

Remediation Due Date2022-07-10

Ransomware UseKnown

Affected Products

fortinet:fortiosfortinet:fortiproxy

Weaknesses (CWE)

CWE-787CWE-787

References

https://fortiguard.com/advisory/FG-IR-18-388(psirt@fortinet.com)

https://fortiguard.com/advisory/FG-IR-20-229(psirt@fortinet.com)

https://fortiguard.com/advisory/FG-IR-18-388(af854a3a-2127-422b-91ae-364da2661108)

https://fortiguard.com/advisory/FG-IR-20-229(af854a3a-2127-422b-91ae-364da2661108)

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-13383(134c704f-9b21-4f2e-91b3-4a467353bcc0)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.