Improper Access Control in Fortinet FortiOS and FortiADC Products
CVE-2018-13374

4.3MEDIUM

Key Information:

Vendor: Fortinet
Status: Fortinet FortiOS, Fortiadc
Vendor: CVE Published:; 22 January 2019

Badges

💰 Ransomware👾 Exploit Exists🦅 CISA Reported

What is CVE-2018-13374?

An improper access control vulnerability exists in Fortinet's FortiOS and FortiADC products that allows an attacker to obtain sensitive LDAP server login credentials. This occurs when a malicious actor points an LDAP server connectivity test request to a rogue LDAP server, instead of the intended configuration. Organizations utilizing affected versions should take immediate action to secure their systems and avoid potential data breaches.

CISA has reported CVE-2018-13374

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2018-13374 as being exploited and is known by the CISA as enabling ransomware campaigns.

The CISA's recommendation is: Apply updates per vendor instructions.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Fortinet FortiOS, fortiADC FortiOS 6.0.2, 5.6.7 and before, FortiADC 6.1.0, 6.0.0 to 6.0.1, 5.4.0 to 5.4.4

References

https://fortiguard.com/advisory/FG-IR-18-157

x_refsource_CONFIRM

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

💰
Used in Ransomware
Sep 8, 2022
👾
Exploit known to exist
Sep 8, 2022
🦅
CISA Reported
Sep 8, 2022
Vulnerability published
Jan 22, 2019
Vulnerability Reserved
Jul 6, 2018

JSON

Fortinet