CVE-2018-13376

{"id": "CVE-2018-13376", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2018-11-27T15:29:00.227", "references": [{"url": "http://www.securityfocus.com/bid/106036", "tags": ["Third Party Advisory", "VDB Entry"], "source": "psirt@fortinet.com"}, {"url": "https://fortiguard.com/advisory/FG-IR-18-325", "tags": ["Vendor Advisory"], "source": "psirt@fortinet.com"}, {"url": "https://herolab.usd.de/wp-content/uploads/sites/4/2018/12/usd20180031.txt", "tags": ["Exploit", "Third Party Advisory"], "source": "psirt@fortinet.com"}, {"url": "http://www.securityfocus.com/bid/106036", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://fortiguard.com/advisory/FG-IR-18-325", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://herolab.usd.de/wp-content/uploads/sites/4/2018/12/usd20180031.txt", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "An uninitialized memory buffer leak exists in Fortinet FortiOS 5.6.1 to 5.6.3, 5.4.6 to 5.4.7, 5.2 all versions under web proxy's disclaimer response web pages, potentially causing sensitive data to be displayed in the HTTP response."}, {"lang": "es", "value": "Existe una fuga del b\u00fafer de memoria sin inicializar en Fortinet FortiOS, de la versi\u00f3n 5.6.1 a la 5.6.3, de la versi\u00f3n 5.4.6 a la 5.4.7 y en todas las versiones desde la 5.2 bajo las p\u00e1ginas web de renuncia de respuesta del proxy web, lo que podr\u00eda provocar que los datos sensibles se muestren en la respuesta HTTP."}], "lastModified": "2024-11-21T03:46:59.020", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E87EA862-D58B-4C52-BFF0-54B8D01BC569", "versionEndIncluding": "5.2.12"}, {"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4200DCE0-8A28-4E77-A687-E89C582B7D30", "versionEndIncluding": "5.4.7", "versionStartIncluding": "5.4.6"}, {"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "15CA187D-7F6A-454C-9E95-EE61D578EC10", "versionEndIncluding": "5.6.3", "versionStartIncluding": "5.6.1"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@fortinet.com"}