← Back

CVE-2018-13383

nvd nist
Published: May 29, 2019Modified: Oct 24, 2025CISA KEV

JSON object

Loading...
6.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Exploitability: 2.8 / Impact: 3.6
Source: NVD

Description

A heap buffer overflow in Fortinet FortiOS 6.0.0 through 6.0.4, 5.6.0 through 5.6.10, 5.4.0 through 5.4.12, 5.2.14 and earlier and FortiProxy 2.0.0, 1.2.8 and earlier in the SSL VPN web portal may cause the SSL VPN web service termination for logged in users due to a failure to properly handle javascript href data when proxying webpages.

Affected (6)

Fortinet
2 products
Fortios
Fortiproxy
Configuration A
6 vulnerable
Vulnerable SoftwareAffected Versions
Fortinet
Fortios
From 5.2.0 to 5.2.15
Fortios
From 5.4.0 to 5.4.13
Fortios
From 5.6.0 to 5.6.11
Fortios
From 6.0.0 to 6.0.5
Fortinet
Fortiproxy
Before 1.2.9
Fortiproxy
Version 2.0.0

Related CWEs

CWE-787
Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.

References (5)

Source: psirt@fortinet.com
MitigationVendor Advisory
Source: psirt@fortinet.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
MitigationVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
US Government Resource

Timeline

No history available yet.