← Voltar para CVEs
CVE-2018-13374
MEDIUMCISA KEV4.3
Descricao
A Improper Access Control in Fortinet FortiOS 6.0.2, 5.6.7 and before, FortiADC 6.1.0, 6.0.0 to 6.0.1, 5.4.0 to 5.4.4 allows attacker to obtain the LDAP server login credentials configured in FortiGate via pointing a LDAP server connectivity test request to a rogue LDAP server instead of the configured one.
Detalhes CVE
Pontuacao CVSS v3.14.3
SeveridadeMEDIUM
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosLOW
Interacao do usuarioNONE
Publicado1/22/2019
Ultima modificacao10/24/2025
Fontekev
Avistamentos honeypot0
CISA KEV
FornecedorFortinet
ProdutoFortiOS and FortiADC
Nome da vulnerabilidadeFortinet FortiOS and FortiADC Improper Access Control Vulnerability
Data inclusao KEV2022-09-08
Prazo de remediacao2022-09-29
Uso em ransomwareKnown
Produtos afetados
fortinet:fortiadcfortinet:fortios
Fraquezas (CWE)
CWE-732CWE-732
Referencias
https://fortiguard.com/advisory/FG-IR-18-157(psirt@fortinet.com)
https://fortiguard.com/advisory/FG-IR-18-157(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-13374(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.