CVE-2018-13374

A Improper Access Control in Fortinet FortiOS 6.0.2, 5.6.7 and before, FortiADC 6.1.0, 6.0.0 to 6.0.1, 5.4.0 to 5.4.4 allows attacker to obtain the LDAP server login credentials configured in FortiGate via pointing a LDAP server connectivity test request to a rogue LDAP server instead of the configured one.
References
Link Resource
https://fortiguard.com/advisory/FG-IR-18-157 Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiadc:6.1.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*

History

24 Oct 2024, 13:58

Type Values Removed Values Added
CPE cpe:2.3:a:fortinet:fortiadc:6.0.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiadc:6.0.0:*:*:*:*:*:*:*

28 Jun 2024, 14:04

Type Values Removed Values Added
CPE cpe:2.3:a:fortinet:fortiadc:6.0.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiadc:6.1.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiadc:6.0.1:*:*:*:*:*:*:*
First Time Fortinet fortiadc

Information

Published : 2019-01-22 14:29

Updated : 2024-10-24 13:58


NVD link : CVE-2018-13374

Mitre link : CVE-2018-13374

CVE.ORG link : CVE-2018-13374


JSON object : View

Products Affected

fortinet

  • fortiadc
  • fortios
CWE
CWE-732

Incorrect Permission Assignment for Critical Resource