CyberSec.Space Logo
Back to CVE Browser

CVE-2018-13374

Known Exploited (CISA KEV)MEDIUM
4.3
CVSS Severity Score
EPSS Score39.5060%
EPSS Percentile94.80th
PublishedJan 22, 2019
Last ModifiedOct 24, 2025

Vulnerability Description

A Improper Access Control in Fortinet FortiOS 6.0.2, 5.6.7 and before, FortiADC 6.1.0, 6.0.0 to 6.0.1, 5.4.0 to 5.4.4 allows attacker to obtain the LDAP server login credentials configured in FortiGate via pointing a LDAP server connectivity test request to a rogue LDAP server instead of the configured one.

Affected Platforms (CPE)

πŸ“¦
Fortinet

Fortiadc

>= 5.4.0 and < 5.4.5
πŸ“¦
Fortinet

Fortiadc

>= 6.0.0 and < 6.0.2
πŸ“¦
Fortinet

Fortiadc

= 6.1.0
πŸ’»
Fortinet

Fortios

< 6.0.3

References & Advisories

πŸ”— https://fortiguard.com/advisory/FG-IR-18-157
πŸ”— https://fortiguard.com/advisory/FG-IR-18-157
πŸ”— https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-13374

Related Vulnerabilities

CVE-2020-92866.5

An improper authorization vulnerability in FortiADC may allow a remote authenticated user with low privileges to perform certain a...

CVE-2014-85826.4

FortiNet FortiADC-E with firmware 3.1.1 before 4.0.5 and Coyote Point Equalizer with firmware 10.2.0a allows remote attackers to o...

CVE-2021-430766.3

An improper privilege management vulnerability [CWE-269] in FortiADC versions 6.2.1 and below, 6.1.5 and below, 6.0.4 and below, 5...

CVE-2020-66475.4

An improper neutralization of input vulnerability in the dashboard of FortiADC may allow an authenticated attacker to perform a cr...