CVE-2018-13374

MEDIUMCISA KEV

4.3

Description

A Improper Access Control in Fortinet FortiOS 6.0.2, 5.6.7 and before, FortiADC 6.1.0, 6.0.0 to 6.0.1, 5.4.0 to 5.4.4 allows attacker to obtain the LDAP server login credentials configured in FortiGate via pointing a LDAP server connectivity test request to a rogue LDAP server instead of the configured one.

Details CVE

Score CVSS v3.14.3

SeveriteMEDIUM

Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Vecteur d'attaqueNETWORK

ComplexiteLOW

Privileges requisLOW

Interaction utilisateurNONE

Publie1/22/2019

Derniere modification10/24/2025

Sourcekev

Observations honeypot0

CISA KEV

FournisseurFortinet

ProduitFortiOS and FortiADC

Nom vulnerabiliteFortinet FortiOS and FortiADC Improper Access Control Vulnerability

Date ajout KEV2022-09-08

Date limite remediation2022-09-29

Utilise dans ransomwareKnown

Produits affectes

fortinet:fortiadcfortinet:fortios

Faiblesses (CWE)

CWE-732CWE-732

References

https://fortiguard.com/advisory/FG-IR-18-157(psirt@fortinet.com)

https://fortiguard.com/advisory/FG-IR-18-157(af854a3a-2127-422b-91ae-364da2661108)

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-13374(134c704f-9b21-4f2e-91b3-4a467353bcc0)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.