CyberSec.Space Logo
返回 CVE 浏览器

CVE-2018-13383

Known Exploited (CISA KEV)MEDIUM
4.3
CVSS Severity Score
EPSS Score27.3340%
EPSS Percentile93.15th
Published2019年5月29日
Last Modified2025年10月24日

Vulnerability Description

A heap buffer overflow in Fortinet FortiOS 6.0.0 through 6.0.4, 5.6.0 through 5.6.10, 5.4.0 through 5.4.12, 5.2.14 and earlier and FortiProxy 2.0.0, 1.2.8 and earlier in the SSL VPN web portal may cause the SSL VPN web service termination for logged in users due to a failure to properly handle javascript href data when proxying webpages.

Affected Platforms (CPE)

📦
Fortinet

Fortiproxy

< 1.2.9
📦
Fortinet

Fortiproxy

= 2.0.0
💻
Fortinet

Fortios

>= 5.2.0 and < 5.2.15
💻
Fortinet

Fortios

>= 5.4.0 and < 5.4.13
💻
Fortinet

Fortios

>= 5.6.0 and < 5.6.11
💻
Fortinet

Fortios

>= 6.0.0 and < 6.0.5

References & Advisories

🔗 https://fortiguard.com/advisory/FG-IR-18-388
🔗 https://fortiguard.com/advisory/FG-IR-20-229
🔗 https://fortiguard.com/advisory/FG-IR-18-388
🔗 https://fortiguard.com/advisory/FG-IR-20-229
🔗 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-13383

相关漏洞威胁

CVE-2026-248589.8

An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] vulnerability in Fortinet FortiAnalyzer 7.6.0 ...

CVE-2025-597189.8

A improper verification of cryptographic signature vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7....

CVE-2018-133829.1

An Improper Authorization vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.8 and 5.4.1 to 5.4.10 and FortiProxy 2.0....

CVE-2018-133799.1

An Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6...