Heap Buffer Overflow in Fortinet FortiOS and FortiProxy Products
CVE-2018-13383

6.5MEDIUM

Key Information:

Vendor: Fortinet
Status: Fortinet FortiOS And Fortiproxy
Vendor: CVE Published:; 29 May 2019

Badges

💰 Ransomware👾 Exploit Exists🦅 CISA Reported

Summary

A heap buffer overflow vulnerability exists in Fortinet FortiOS and FortiProxy products affecting the SSL VPN web portal. This flaw arises from improper handling of JavaScript href data while proxying web pages, potentially leading to service termination for logged-in users.

CISA Reported

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed as being exploited and is known by the CISA as enabling ransomware campaigns.

The CISA's recommendation is: Apply updates per vendor instructions.

Affected Version(s)

Fortinet FortiOS and FortiProxy FortiOS 6.0.0 through 6.0.4, 5.6.0 through 5.6.10, 5.4.0 through 5.4.12, 5.2.14 and earlier, FortiProxy 2.0.0, 1.2.8 and earlier

References

https://fortiguard.com/advisory/FG-IR-18-388

x_refsource_CONFIRM

https://fortiguard.com/advisory/FG-IR-20-229

x_refsource_CONFIRM

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

💰
Used in Ransomware
Jan 10, 2022
👾
Exploit known to exist
Jan 10, 2022
🦅
CISA Reported
Jan 10, 2022
Vulnerability published
May 29, 2019
Vulnerability Reserved
Jul 6, 2018