Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2018-13374

A Improper Access Control in Fortinet FortiOS 6.0.2, 5.6.7 and before, FortiADC 6.1.0, 6.0.0 to 6.0.1, 5.4.0 to 5.4.4 allows attacker to obtain the LDAP server login credentials configured in FortiGate via pointing a LDAP server connectivity test request to a rogue LDAP server instead of the configured one.

Published

2019-01-22T14:29:00.220

Last Modified

2025-01-27T21:30:51.357

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 4.3 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:P/I:N/A:N

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: SINGLE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: NONE
  • Availability Impact: NONE
Exploitability Score

8.0

Impact Score

2.9

Weaknesses
  • Type: Primary
    CWE-732
  • Type: Secondary
    CWE-732
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application fortinet fortiadc < 5.4.5 Yes
Application fortinet fortiadc < 6.0.2 Yes
Application fortinet fortiadc 6.1.0 Yes
Operating System fortinet fortios < 6.0.3 Yes
References