Back to KEVs

CVE-2018-13374

A Improper Access Control in Fortinet FortiOS 6.0.2, 5.6.7 and before, FortiADC 6.1.0, 6.0.0 to 6.0.1, 5.4.0 to 5.4.4 allows attacker to obtain the...

Basic Information

CVE State: PUBLISHED
Reserved Date: July 06, 2018
Published Date: January 22, 2019
Last Updated: October 23, 2024
Vendor: Fortinet
Product: Fortinet FortiOS, fortiADC
Description: A Improper Access Control in Fortinet FortiOS 6.0.2, 5.6.7 and before, FortiADC 6.1.0, 6.0.0 to 6.0.1, 5.4.0 to 5.4.4 allows attacker to obtain the LDAP server login credentials configured in FortiGate via pointing a LDAP server connectivity test request to a rogue LDAP server instead of the configured one.

CVSS Scores

CVSS v3.1

4.3 - MEDIUM

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

SSVC Information

Exploitation: active
Technical Impact: partial

Exploit Status

Exploited in the Wild: Yes (added 2022-09-08 00:00:00 UTC) Source
Used in Malware: Yes (added 2022-09-08 00:00:00 UTC) Source

References

https://fortiguard.com/advisory/FG-IR-18-157

Known Exploited Vulnerability Information

Source	Added Date
CISA	2022-09-08 00:00:00 UTC