Sign-up

ID

VAR-201809-0238


CVE

CVE-2018-1353


TITLE

Fortinet FortiManager Vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2018-009414

DESCRIPTION

An information disclosure vulnerability in Fortinet FortiManager 6.0.1 and below versions allows a standard user with adom assignment read the interface settings of vdoms unrelated to the assigned adom. Fortinet FortiManager Contains an information disclosure vulnerability.Information may be obtained. Fortinet FortiManager is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. Versions prior to FortiManager 6.0.1 are vulnerable. Fortinet FortiManager is a centralized network security management platform developed by Fortinet. The platform supports centralized management of any number of Fortinet devices, and can group devices into different management domains (ADOMs) to further simplify multi-device security deployment and management

Trust: 1.98

sources: NVD: CVE-2018-1353 // JVNDB: JVNDB-2018-009414 // BID: 105428 // VULHUB: VHN-123598

AFFECTED PRODUCTS

vendor:fortinetmodel:fortimanagerscope:lteversion:6.0.1

Trust: 1.8

vendor:fortinetmodel:fortimanagerscope:eqversion:6.0.1

Trust: 0.9

vendor:fortinetmodel:fortimanagerscope:eqversion:5.2.8

Trust: 0.3

vendor:fortinetmodel:fortimanagerscope:eqversion:5.0.12

Trust: 0.3

vendor:fortinetmodel:fortimanagerscope:eqversion:5.4.2

Trust: 0.3

vendor:fortinetmodel:fortimanagerscope:eqversion:5.6.4

Trust: 0.3

vendor:fortinetmodel:fortimanagerscope:eqversion:5.0.8

Trust: 0.3

vendor:fortinetmodel:fortimanagerscope:eqversion:5.2.7

Trust: 0.3

vendor:fortinetmodel:fortimanagerscope:eqversion:5.0.6

Trust: 0.3

vendor:fortinetmodel:fortimanagerscope:eqversion:5.0.1

Trust: 0.3

vendor:fortinetmodel:fortimanagerscope:eqversion:5.2.2

Trust: 0.3

vendor:fortinetmodel:fortimanagerscope:eqversion:5.0

Trust: 0.3

vendor:fortinetmodel:fortimanagerscope:eqversion:5.0.3

Trust: 0.3

vendor:fortinetmodel:fortimanagerscope:eqversion:5.2.5

Trust: 0.3

vendor:fortinetmodel:fortimanagerscope:eqversion:5.0.5

Trust: 0.3

vendor:fortinetmodel:fortimanagerscope:eqversion:5.2.4

Trust: 0.3

vendor:fortinetmodel:fortimanagerscope:neversion:6.0.2

Trust: 0.3

vendor:fortinetmodel:fortimanagerscope:eqversion:5.4.1

Trust: 0.3

vendor:fortinetmodel:fortimanagerscope:eqversion:6.0

Trust: 0.3

vendor:fortinetmodel:fortimanagerscope:eqversion:5.0.7

Trust: 0.3

vendor:fortinetmodel:fortimanagerscope:eqversion:5.2.1

Trust: 0.3

vendor:fortinetmodel:fortimanagerscope:eqversion:5.0.11

Trust: 0.3

vendor:fortinetmodel:fortimanagerscope:eqversion:5.0.2

Trust: 0.3

vendor:fortinetmodel:fortimanagerscope:eqversion:5.0.9

Trust: 0.3

vendor:fortinetmodel:fortimanagerscope:eqversion:5.0.10

Trust: 0.3

vendor:fortinetmodel:fortimanagerscope:eqversion:5.6.5

Trust: 0.3

vendor:fortinetmodel:fortimanagerscope:eqversion:5.4.4

Trust: 0.3

vendor:fortinetmodel:fortimanagerscope:eqversion:5.2.6

Trust: 0.3

vendor:fortinetmodel:fortimanagerscope:eqversion:5.4

Trust: 0.3

vendor:fortinetmodel:fortimanagerscope:eqversion:5.0.4

Trust: 0.3

vendor:fortinetmodel:fortimanagerscope:eqversion:5.2.3

Trust: 0.3

sources: BID: 105428 // JVNDB: JVNDB-2018-009414 // CNNVD: CNNVD-201809-228 // NVD: CVE-2018-1353

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-1353
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-1353
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201809-228
value: MEDIUM

Trust: 0.6

VULHUB: VHN-123598
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-1353
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-123598
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-1353
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-123598 // JVNDB: JVNDB-2018-009414 // CNNVD: CNNVD-201809-228 // NVD: CVE-2018-1353

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-123598 // JVNDB: JVNDB-2018-009414 // NVD: CVE-2018-1353

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201809-228

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201809-228

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-009414

PATCH
title:FG-IR-18-016url:https://fortiguard.com/advisory/FG-IR-18-016
Trust: 0.8
title:Fortinet FortiManager Repair measures for information disclosure vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84559
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-009414 // 
            
            
            
            CNNVD: CNNVD-201809-228

EXTERNAL IDS
db:NVDid:CVE-2018-1353
Trust: 2.8
db:JVNDBid:JVNDB-2018-009414
Trust: 0.8
db:CNNVDid:CNNVD-201809-228
Trust: 0.7
db:BIDid:105428
Trust: 0.3
db:VULHUBid:VHN-123598
Trust: 0.1
sources:
            
            
            VULHUB: VHN-123598 // 
            
            
            
            BID: 105428 // 
            
            
            
            JVNDB: JVNDB-2018-009414 // 
            
            
            
            CNNVD: CNNVD-201809-228 // 
            
            
            
            NVD: CVE-2018-1353

REFERENCES
url:https://fortiguard.com/advisory/fg-ir-18-016
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-1353
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-1353
Trust: 0.8
url:http://www.fortinet.com/
Trust: 0.3
url:https://fortiguard.com/psirt/fg-ir-18-016
Trust: 0.3
sources:
            
            
            VULHUB: VHN-123598 // 
            
            
            
            BID: 105428 // 
            
            
            
            JVNDB: JVNDB-2018-009414 // 
            
            
            
            CNNVD: CNNVD-201809-228 // 
            
            
            
            NVD: CVE-2018-1353

CREDITS
Yasar Calay, Beyaz Bilgisayar Danismanlik Hizmetleri
Trust: 0.3
sources:
            
            
            BID: 105428

SOURCES
db:VULHUBid:VHN-123598
db:BIDid:105428
db:JVNDBid:JVNDB-2018-009414
db:CNNVDid:CNNVD-201809-228
db:NVDid:CVE-2018-1353

LAST UPDATE DATE
2024-08-14T14:12:42.953000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-123598date:2018-10-25T00:00:00
db:BIDid:105428date:2018-08-27T00:00:00
db:JVNDBid:JVNDB-2018-009414date:2018-11-19T00:00:00
db:CNNVDid:CNNVD-201809-228date:2018-09-06T00:00:00
db:NVDid:CVE-2018-1353date:2018-10-25T17:09:11.457

SOURCES RELEASE DATE
db:VULHUBid:VHN-123598date:2018-09-05T00:00:00
db:BIDid:105428date:2018-08-27T00:00:00
db:JVNDBid:JVNDB-2018-009414date:2018-11-19T00:00:00
db:CNNVDid:CNNVD-201809-228date:2018-09-06T00:00:00
db:NVDid:CVE-2018-1353date:2018-09-05T13:29:00.230