CVE-2018-13383
Fortinet FortiOS and FortiProxy Out-of-bounds Write
Public Exploits: 0
Exploited in Wild: Yes
Descriptions
A heap buffer overflow in Fortinet FortiOS 6.0.0 through 6.0.4, 5.6.0 through 5.6.10, 5.4.0 through 5.4.12, 5.2.14 and earlier and FortiProxy 2.0.0, 1.2.8 and earlier in the SSL VPN web portal may cause the SSL VPN web service termination for logged in users due to a failure to properly handle javascript href data when proxying webpages.
A heap buffer overflow in Fortinet FortiOS versions 6.0.0 through 6.0.4, 5.6.0 through 5.6.10, 5.4.0 through 5.4.12, 5.2.14 and earlier, and FortiProxy versions 2.0.0, 1.2.8 and earlier, in the SSL VPN web portal may cause termination of the SSL VPN web service for logged-in users due to a failure to handle javascript href data when proxying web pages.
A heap buffer overflow in Fortinet FortiOS and FortiProxy may cause the SSL VPN web service termination for logged in users.
SSVC
- Decision: Attend
Timeline
- 2018-07-06 CVE Reserved
- 2019-05-29 CVE Published
- 2022-01-10 Exploited in Wild
- 2022-07-10 KEV Due Date
- 2023-05-22 EPSS Updated
- 2024-10-23 CVE Updated
CWE
- CWE-787: Out-of-bounds Write
References (2)
URL | Date | SRC |
---|---|---|
https://fortiguard.com/advisory/FG-IR-18-388 | 2021-03-16 | |
https://fortiguard.com/advisory/FG-IR-20-229 | 2021-03-16 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Fortinet | Fortiproxy | <= 1.2.8 | - | Affected |
Fortinet | Fortiproxy | 2.0.0 | - | Affected |
Fortinet | Fortios | <= 5.2.14 | - | Affected |
Fortinet | Fortios | >= 5.4.0 <= 5.4.12 | - | Affected |
Fortinet | Fortios | >= 5.6.0 <= 5.6.10 | - | Affected |
Fortinet | Fortios | >= 6.0.0 <= 6.0.4 | - | Affected |