Improper Access Control in Fortinet FortiOS and FortiADC Products
CVE-2018-13374

4.3 MEDIUM

Key Information:

Vendor

Fortinet

CVE Published:
22 January 2019

Badges

💰 Ransomware · 👾 Exploit Exists · 🦅 CISA Reported

What is CVE-2018-13374?

An improper access control vulnerability in Fortinet's FortiOS and FortiADC products allows an attacker to obtain the sensitive login credentials the device uses for its LDAP server. It occurs when a malicious actor points the LDAP server connectivity test at a rogue LDAP server instead of the intended, configured one; the device then presents its stored LDAP credentials to that rogue server. Organizations running affected versions should take immediate action to secure their systems and avoid potential data breaches.

CISA has reported CVE-2018-13374

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified CVE-2018-13374 as being exploited in the wild and as known to CISA to enable ransomware campaigns.

The CISA's recommendation is: Apply updates per vendor instructions.

Affected Version(s)

Fortinet FortiOS: 6.0.2, 5.6.7 and earlier
Fortinet FortiADC: 6.1.0, 6.0.0 to 6.0.1, 5.4.0 to 5.4.4

CVSS V3.1

Score: 4.3
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • 💰 Used in Ransomware
  • 👾 Exploit known to exist
  • 🦅 CISA Reported
  • Vulnerability published
  • Vulnerability Reserved