CVE-2018-13374

Published: Jan 22, 2019Modified: Oct 24, 2025CISA KEV

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

A Improper Access Control in Fortinet FortiOS 6.0.2, 5.6.7 and before, FortiADC 6.1.0, 6.0.0 to 6.0.1, 5.4.0 to 5.4.4 allows attacker to obtain the LDAP server login credentials configured in FortiGate via pointing a LDAP server connectivity test request to a rogue LDAP server instead of the configured one.

Affected (4)

Products: Fortinet: Fortiadc, Fortios

2 products

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Fortinet Fortiadc	From 5.4.0 to 5.4.5
Fortinet Fortiadc	From 6.0.0 to 6.0.2
Fortinet Fortiadc	Version 6.1.0
Fortinet Fortios	Before 6.0.3

Related CWEs

Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

References (3)

https://fortiguard.com/advisory/FG-IR-18-157

Source: psirt@fortinet.com

Vendor Advisory

https://fortiguard.com/advisory/FG-IR-18-157

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-13374

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

US Government Resource

Timeline

No history available yet.