ID

VAR-201809-0238


CVE

CVE-2018-1353


TITLE

Fortinet FortiManager vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2018-009414

DESCRIPTION

An information disclosure vulnerability in Fortinet FortiManager 6.0.1 and below versions allows a standard user with ADOM assignment to read the interface settings of VDOMs unrelated to the assigned ADOM. Fortinet FortiManager contains an information disclosure vulnerability. Information may be obtained. Fortinet FortiManager is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. Versions prior to FortiManager 6.0.1 are vulnerable. Fortinet FortiManager is a centralized network security management platform developed by Fortinet. The platform supports centralized management of any number of Fortinet devices, and can group devices into different management domains (ADOMs) to further simplify multi-device security deployment and management.

Trust: 1.98

sources: NVD: CVE-2018-1353 // JVNDB: JVNDB-2018-009414 // BID: 105428 // VULHUB: VHN-123598

AFFECTED PRODUCTS

vendor: fortinet, model: fortimanager, scope: lte, version: 6.0.1

Trust: 1.8

vendor: fortinet, model: fortimanager, scope: eq, version: 6.0.1

Trust: 0.9

vendor: fortinet, model: fortimanager, scope: eq, version: 5.2.8

Trust: 0.3

vendor: fortinet, model: fortimanager, scope: eq, version: 5.0.12

Trust: 0.3

vendor: fortinet, model: fortimanager, scope: eq, version: 5.4.2

Trust: 0.3

vendor: fortinet, model: fortimanager, scope: eq, version: 5.6.4

Trust: 0.3

vendor: fortinet, model: fortimanager, scope: eq, version: 5.0.8

Trust: 0.3

vendor: fortinet, model: fortimanager, scope: eq, version: 5.2.7

Trust: 0.3

vendor: fortinet, model: fortimanager, scope: eq, version: 5.0.6

Trust: 0.3

vendor: fortinet, model: fortimanager, scope: eq, version: 5.0.1

Trust: 0.3

vendor: fortinet, model: fortimanager, scope: eq, version: 5.2.2

Trust: 0.3

vendor: fortinet, model: fortimanager, scope: eq, version: 5.0

Trust: 0.3

vendor: fortinet, model: fortimanager, scope: eq, version: 5.0.3

Trust: 0.3

vendor: fortinet, model: fortimanager, scope: eq, version: 5.2.5

Trust: 0.3

vendor: fortinet, model: fortimanager, scope: eq, version: 5.0.5

Trust: 0.3

vendor: fortinet, model: fortimanager, scope: eq, version: 5.2.4

Trust: 0.3

vendor: fortinet, model: fortimanager, scope: ne, version: 6.0.2

Trust: 0.3

vendor: fortinet, model: fortimanager, scope: eq, version: 5.4.1

Trust: 0.3

vendor: fortinet, model: fortimanager, scope: eq, version: 6.0

Trust: 0.3

vendor: fortinet, model: fortimanager, scope: eq, version: 5.0.7

Trust: 0.3

vendor: fortinet, model: fortimanager, scope: eq, version: 5.2.1

Trust: 0.3

vendor: fortinet, model: fortimanager, scope: eq, version: 5.0.11

Trust: 0.3

vendor: fortinet, model: fortimanager, scope: eq, version: 5.0.2

Trust: 0.3

vendor: fortinet, model: fortimanager, scope: eq, version: 5.0.9

Trust: 0.3

vendor: fortinet, model: fortimanager, scope: eq, version: 5.0.10

Trust: 0.3

vendor: fortinet, model: fortimanager, scope: eq, version: 5.6.5

Trust: 0.3

vendor: fortinet, model: fortimanager, scope: eq, version: 5.4.4

Trust: 0.3

vendor: fortinet, model: fortimanager, scope: eq, version: 5.2.6

Trust: 0.3

vendor: fortinet, model: fortimanager, scope: eq, version: 5.4

Trust: 0.3

vendor: fortinet, model: fortimanager, scope: eq, version: 5.0.4

Trust: 0.3

vendor: fortinet, model: fortimanager, scope: eq, version: 5.2.3

Trust: 0.3

sources: BID: 105428 // JVNDB: JVNDB-2018-009414 // CNNVD: CNNVD-201809-228 // NVD: CVE-2018-1353

CVSS

SEVERITY

nvd@nist.gov: CVE-2018-1353
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-1353
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201809-228
value: MEDIUM

Trust: 0.6

VULHUB: VHN-123598
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2018-1353
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-123598
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2018-1353
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-123598 // JVNDB: JVNDB-2018-009414 // CNNVD: CNNVD-201809-228 // NVD: CVE-2018-1353

PROBLEMTYPE DATA

problemtype: CWE-200

Trust: 1.9

sources: VULHUB: VHN-123598 // JVNDB: JVNDB-2018-009414 // NVD: CVE-2018-1353

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201809-228

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201809-228

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-009414

PATCH

title: FG-IR-18-016
url: https://fortiguard.com/advisory/FG-IR-18-016

Trust: 0.8

title: Fortinet FortiManager Repair measures for information disclosure vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84559

Trust: 0.6

sources: JVNDB: JVNDB-2018-009414 // CNNVD: CNNVD-201809-228

EXTERNAL IDS

db: NVD, id: CVE-2018-1353

Trust: 2.8

db: JVNDB, id: JVNDB-2018-009414

Trust: 0.8

db: CNNVD, id: CNNVD-201809-228

Trust: 0.7

db: BID, id: 105428

Trust: 0.3

db: VULHUB, id: VHN-123598

Trust: 0.1

sources: VULHUB: VHN-123598 // BID: 105428 // JVNDB: JVNDB-2018-009414 // CNNVD: CNNVD-201809-228 // NVD: CVE-2018-1353

REFERENCES

url: https://fortiguard.com/advisory/fg-ir-18-016

Trust: 1.7

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-1353

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2018-1353

Trust: 0.8

url: http://www.fortinet.com/

Trust: 0.3

url: https://fortiguard.com/psirt/fg-ir-18-016

Trust: 0.3

sources: VULHUB: VHN-123598 // BID: 105428 // JVNDB: JVNDB-2018-009414 // CNNVD: CNNVD-201809-228 // NVD: CVE-2018-1353

CREDITS

Yasar Calay, Beyaz Bilgisayar Danismanlik Hizmetleri

Trust: 0.3

sources: BID: 105428

SOURCES

db: VULHUB, id: VHN-123598
db: BID, id: 105428
db: JVNDB, id: JVNDB-2018-009414
db: CNNVD, id: CNNVD-201809-228
db: NVD, id: CVE-2018-1353

LAST UPDATE DATE

2024-08-14T14:12:42.953000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-123598, date: 2018-10-25T00:00:00
db: BID, id: 105428, date: 2018-08-27T00:00:00
db: JVNDB, id: JVNDB-2018-009414, date: 2018-11-19T00:00:00
db: CNNVD, id: CNNVD-201809-228, date: 2018-09-06T00:00:00
db: NVD, id: CVE-2018-1353, date: 2018-10-25T17:09:11.457

SOURCES RELEASE DATE

db: VULHUB, id: VHN-123598, date: 2018-09-05T00:00:00
db: BID, id: 105428, date: 2018-08-27T00:00:00
db: JVNDB, id: JVNDB-2018-009414, date: 2018-11-19T00:00:00
db: CNNVD, id: CNNVD-201809-228, date: 2018-09-06T00:00:00
db: NVD, id: CVE-2018-1353, date: 2018-09-05T13:29:00.230