CyberSec.Space Logo
返回 CVE 浏览器

CVE-2018-13374

Known Exploited (CISA KEV)MEDIUM
4.3
CVSS Severity Score
EPSS Score39.5060%
EPSS Percentile94.80th
Published2019年1月22日
Last Modified2025年10月24日

Vulnerability Description

A Improper Access Control in Fortinet FortiOS 6.0.2, 5.6.7 and before, FortiADC 6.1.0, 6.0.0 to 6.0.1, 5.4.0 to 5.4.4 allows attacker to obtain the LDAP server login credentials configured in FortiGate via pointing a LDAP server connectivity test request to a rogue LDAP server instead of the configured one.

Affected Platforms (CPE)

📦
Fortinet

Fortiadc

>= 5.4.0 and < 5.4.5
📦
Fortinet

Fortiadc

>= 6.0.0 and < 6.0.2
📦
Fortinet

Fortiadc

= 6.1.0
💻
Fortinet

Fortios

< 6.0.3

References & Advisories

🔗 https://fortiguard.com/advisory/FG-IR-18-157
🔗 https://fortiguard.com/advisory/FG-IR-18-157
🔗 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-13374

相关漏洞威胁

CVE-2020-92866.5

An improper authorization vulnerability in FortiADC may allow a remote authenticated user with low privileges to perform certain a...

CVE-2014-85826.4

FortiNet FortiADC-E with firmware 3.1.1 before 4.0.5 and Coyote Point Equalizer with firmware 10.2.0a allows remote attackers to o...

CVE-2021-430766.3

An improper privilege management vulnerability [CWE-269] in FortiADC versions 6.2.1 and below, 6.1.5 and below, 6.0.4 and below, 5...

CVE-2020-66475.4

An improper neutralization of input vulnerability in the dashboard of FortiADC may allow an authenticated attacker to perform a cr...