A Improper Access Control in Fortinet FortiOS 6.0.2, 5.6.7 and before, FortiADC 6.1.0, 6.0.0 to 6.0.1, 5.4.0 to 5.4.4 allows attacker to obtain the LDAP server login credentials configured in FortiGate via pointing a LDAP server connectivity test request to a rogue LDAP server instead of the configured one.
References
Link | Resource |
---|---|
https://fortiguard.com/advisory/FG-IR-18-157 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
24 Oct 2024, 13:58
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:fortinet:fortiadc:6.0.0:*:*:*:*:*:*:* |
28 Jun 2024, 14:04
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:fortinet:fortiadc:6.0.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiadc:6.1.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiadc:6.0.1:*:*:*:*:*:*:* |
|
First Time |
Fortinet fortiadc
|
Information
Published : 2019-01-22 14:29
Updated : 2024-10-24 13:58
NVD link : CVE-2018-13374
Mitre link : CVE-2018-13374
CVE.ORG link : CVE-2018-13374
JSON object : View
Products Affected
fortinet
- fortiadc
- fortios
CWE
CWE-732
Incorrect Permission Assignment for Critical Resource