← Voltar para CVEs

CVE-2018-13383

MEDIUMCISA KEV

4.3

Descricao

A heap buffer overflow in Fortinet FortiOS 6.0.0 through 6.0.4, 5.6.0 through 5.6.10, 5.4.0 through 5.4.12, 5.2.14 and earlier and FortiProxy 2.0.0, 1.2.8 and earlier in the SSL VPN web portal may cause the SSL VPN web service termination for logged in users due to a failure to properly handle javascript href data when proxying webpages.

Detalhes CVE

Pontuacao CVSS v3.14.3

SeveridadeMEDIUM

Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Vetor de ataqueNETWORK

ComplexidadeLOW

Privilegios necessariosLOW

Interacao do usuarioNONE

Publicado5/29/2019

Ultima modificacao10/24/2025

Fontekev

Avistamentos honeypot0

CISA KEV

FornecedorFortinet

ProdutoFortiOS and FortiProxy

Nome da vulnerabilidadeFortinet FortiOS and FortiProxy Out-of-bounds Write

Data inclusao KEV2022-01-10

Prazo de remediacao2022-07-10

Uso em ransomwareKnown

Produtos afetados

fortinet:fortiosfortinet:fortiproxy

Fraquezas (CWE)

CWE-787CWE-787

Referencias

https://fortiguard.com/advisory/FG-IR-18-388(psirt@fortinet.com)

https://fortiguard.com/advisory/FG-IR-20-229(psirt@fortinet.com)

https://fortiguard.com/advisory/FG-IR-18-388(af854a3a-2127-422b-91ae-364da2661108)

https://fortiguard.com/advisory/FG-IR-20-229(af854a3a-2127-422b-91ae-364da2661108)

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-13383(134c704f-9b21-4f2e-91b3-4a467353bcc0)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.