Back to KEVs

CVE-2018-13383

A heap buffer overflow in Fortinet FortiOS 6.0.0 through 6.0.4, 5.6.0 through 5.6.10, 5.4.0 through 5.4.12, 5.2.14 and earlier and FortiProxy...

Basic Information

CVE State
PUBLISHED
Reserved Date
July 06, 2018
Published Date
May 29, 2019
Last Updated
October 23, 2024
Vendor
Fortinet
Product
Fortinet FortiOS and FortiProxy
Description
A heap buffer overflow in Fortinet FortiOS 6.0.0 through 6.0.4, 5.6.0 through 5.6.10, 5.4.0 through 5.4.12, 5.2.14 and earlier and FortiProxy 2.0.0, 1.2.8 and earlier in the SSL VPN web portal may cause the SSL VPN web service termination for logged in users due to a failure to properly handle javascript href data when proxying webpages.

CVSS Scores

CVSS v3.1

4.3 - MEDIUM

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

SSVC Information

Exploitation
active
Technical Impact
partial

Exploit Status

Exploited in the Wild
Yes (added 2022-01-10 00:00:00 UTC) Source
Used in Malware
Yes (added 2022-01-10 00:00:00 UTC) Source

References

https://fortiguard.com/advisory/FG-IR-18-388 https://fortiguard.com/advisory/FG-IR-20-229

Known Exploited Vulnerability Information

Source Added Date
CISA 2022-01-10 00:00:00 UTC