Vulnerability detail

Enriched intelligence for a single CVE

4.3

CVSS
Medium

CVE-2018-13383

PUBLISHED

A heap buffer overflow in Fortinet FortiOS 6.0.0 through 6.0.4, 5.6.0 through 5.6.10, 5.4.0 through 5.4.12, 5.2.14 and earlier and FortiProxy...

Exploited in the wild Used in malware Remote Low complexity No user interaction

Vendor: Fortinet
Product: Fortinet FortiOS and FortiProxy
Published: May 29, 2019
EPSS: —

Description

A heap buffer overflow in Fortinet FortiOS 6.0.0 through 6.0.4, 5.6.0 through 5.6.10, 5.4.0 through 5.4.12, 5.2.14 and earlier and FortiProxy 2.0.0, 1.2.8 and earlier in the SSL VPN web portal may cause the SSL VPN web service termination for logged in users due to a failure to properly handle javascript href data when proxying webpages.

java ios cisa malware ransomware edge

CVSS scores

CVSS v3.1 4.3 Medium

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Exploitation status

Exploited in the wild

Recorded 2022-01-10 00:00:00 UTC · Source

Used in malware

Recorded 2022-01-10 00:00:00 UTC · Source

SSVC decision points

Exploitation: active
Automatable: No
Technical impact: partial

References

Known exploited vulnerability sources

Catalogues that list this CVE as a known exploited vulnerability.

Source	Added
CISA	Jan 10, 2022
CISA	Jan 10, 2022

Timeline

CVE ID Reserved

July 06, 2018
CVE Published to Public

May 29, 2019
Exploit Used in Malware

January 10, 2022
Added to KEVIntel

January 10, 2022
Added to KEVIntel

January 10, 2022