6.5

CVE-2018-13383

Warnung
A heap buffer overflow in Fortinet FortiOS 6.0.0 through 6.0.4, 5.6.0 through 5.6.10, 5.4.0 through 5.4.12, 5.2.14 and earlier and FortiProxy 2.0.0, 1.2.8 and earlier in the SSL VPN web portal may cause the SSL VPN web service termination for logged in users due to a failure to properly handle javascript href data when proxying webpages.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
FortinetFortiproxy Version < 1.2.9
FortinetFortiproxy Version2.0.0
FortinetFortios Version >= 5.2.0 < 5.2.15
FortinetFortios Version >= 5.4.0 < 5.4.13
FortinetFortios Version >= 5.6.0 < 5.6.11
FortinetFortios Version >= 6.0.0 < 6.0.5

10.01.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog

Fortinet FortiOS and FortiProxy Out-of-bounds Write

Schwachstelle

A heap buffer overflow in Fortinet FortiOS and FortiProxy may cause the SSL VPN web service termination for logged in users.

Beschreibung

Apply updates per vendor instructions.

Erforderliche Maßnahmen
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.11% 0.775
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
psirt@fortinet.com 4.3 2.8 1.4
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.