
CVE-2018-13382

Known Exploited (CISA KEV)
CVSS Severity Score: 9.1 (CRITICAL)
EPSS Score: 62.6050%
EPSS Percentile: 94.93th
Published: June 4, 2019
Last Modified: October 24, 2025

Vulnerability Description

An Improper Authorization vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.8 and 5.4.1 to 5.4.10 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to modify the password of an SSL VPN web portal user via specially crafted HTTP requests.

Affected Platforms (CPE)

Fortinet FortiProxy: < 1.2.9
Fortinet FortiProxy: = 2.0.0
Fortinet FortiOS: >= 5.4.1 and < 5.4.11
Fortinet FortiOS: >= 5.6.0 and < 5.6.9
Fortinet FortiOS: >= 6.0.0 and < 6.0.5

References & Advisories
