ID

VAR-201811-0161


CVE

CVE-2018-13376


TITLE

Fortinet FortiOS Resource management vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-012317

DESCRIPTION

An uninitialized memory buffer leak exists in Fortinet FortiOS 5.6.1 to 5.6.3, 5.4.6 to 5.4.7, 5.2 all versions under web proxy's disclaimer response web pages, potentially causing sensitive data to be displayed in the HTTP response. Fortinet FortiOS contains a resource management vulnerability. Information may be obtained. Fortinet FortiOS is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. FortiOS 5.6.1 through 5.6.3, 5.4.6 through 5.4.7, and 5.2.12 and later are vulnerable. Fortinet FortiOS is a set of security operating systems developed by Fortinet Corporation for the FortiGate network security platform. The system provides users with various security functions such as firewall, anti-virus, IPSec/SSL VPN, Web content filtering and anti-spam. Security vulnerabilities exist in Fortinet FortiOS versions 5.6.1 through 5.6.3, 5.4.6 through 5.4.7, and 5.2

Trust: 1.98

sources: NVD: CVE-2018-13376 // JVNDB: JVNDB-2018-012317 // BID: 106036 // VULHUB: VHN-123429

AFFECTED PRODUCTS

vendor: fortinet, model: fortios, scope: lte, version: 5.2.12

Trust: 1.0

vendor: fortinet, model: fortios, scope: lte, version: 5.4.7

Trust: 1.0

vendor: fortinet, model: fortios, scope: gte, version: 5.4.6

Trust: 1.0

vendor: fortinet, model: fortios, scope: gte, version: 5.6.1

Trust: 1.0

vendor: fortinet, model: fortios, scope: lte, version: 5.6.3

Trust: 1.0

vendor: fortinet, model: fortios, scope: eq, version: 5.6.3

Trust: 0.9

vendor: fortinet, model: fortios, scope: eq, version: 5.6.2

Trust: 0.9

vendor: fortinet, model: fortios, scope: eq, version: 5.4.7

Trust: 0.9

vendor: fortinet, model: fortios, scope: eq, version: 5.4.6

Trust: 0.9

vendor: fortinet, model: fortios, scope: eq, version: 5.2.12

Trust: 0.9

vendor: fortinet, model: fortios, scope: eq, version: 5.6.1

Trust: 0.9

vendor: fortinet, model: fortios, scope: eq, version: 5.2

Trust: 0.8

vendor: fortinet, model: fortios, scope: eq, version: 5.4.6 to 5.4.7

Trust: 0.8

vendor: fortinet, model: fortios, scope: eq, version: 5.6.1 to 5.6.3

Trust: 0.8

vendor: fortinet, model: fortios, scope: ne, version: 6.0

Trust: 0.3

vendor: fortinet, model: fortios, scope: ne, version: 5.6.4

Trust: 0.3

vendor: fortinet, model: fortios, scope: ne, version: 5.4.8

Trust: 0.3

sources: BID: 106036 // JVNDB: JVNDB-2018-012317 // CNNVD: CNNVD-201811-749 // NVD: CVE-2018-13376

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-13376
value: HIGH

Trust: 1.0

NVD: CVE-2018-13376
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201811-749
value: HIGH

Trust: 0.6

VULHUB: VHN-123429
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-13376
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-123429
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-13376
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-123429 // JVNDB: JVNDB-2018-012317 // CNNVD: CNNVD-201811-749 // NVD: CVE-2018-13376

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-399

Trust: 0.9

sources: VULHUB: VHN-123429 // JVNDB: JVNDB-2018-012317 // NVD: CVE-2018-13376

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201811-749

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201811-749

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-012317

PATCH

title: FG-IR-18-325, url: https://fortiguard.com/psirt/FG-IR-18-325

Trust: 0.8

title: Fortinet FortiOS Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=87011

Trust: 0.6

sources: JVNDB: JVNDB-2018-012317 // CNNVD: CNNVD-201811-749

EXTERNAL IDS

db: NVD, id: CVE-2018-13376

Trust: 2.8

db: BID, id: 106036

Trust: 2.0

db: JVNDB, id: JVNDB-2018-012317

Trust: 0.8

db: CNNVD, id: CNNVD-201811-749

Trust: 0.7

db: VULHUB, id: VHN-123429

Trust: 0.1

sources: VULHUB: VHN-123429 // BID: 106036 // JVNDB: JVNDB-2018-012317 // CNNVD: CNNVD-201811-749 // NVD: CVE-2018-13376

REFERENCES

url:http://www.securityfocus.com/bid/106036

Trust: 1.7

url:https://fortiguard.com/advisory/fg-ir-18-325

Trust: 1.7

url:https://herolab.usd.de/wp-content/uploads/sites/4/2018/12/usd20180031.txt

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-13376

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-13376

Trust: 0.8

url:http://www.fortinet.com/

Trust: 0.3

url:https://fortiguard.com/psirt/fg-ir-18-325

Trust: 0.3

sources: VULHUB: VHN-123429 // BID: 106036 // JVNDB: JVNDB-2018-012317 // CNNVD: CNNVD-201811-749 // NVD: CVE-2018-13376

CREDITS

usd AG

Trust: 0.3

sources: BID: 106036

SOURCES

db: VULHUB, id: VHN-123429
db: BID, id: 106036
db: JVNDB, id: JVNDB-2018-012317
db: CNNVD, id: CNNVD-201811-749
db: NVD, id: CVE-2018-13376

LAST UPDATE DATE

2024-08-14T15:07:51.225000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-123429, date: 2019-10-03T00:00:00
db: BID, id: 106036, date: 2018-11-22T00:00:00
db: JVNDB, id: JVNDB-2018-012317, date: 2019-01-31T00:00:00
db: CNNVD, id: CNNVD-201811-749, date: 2019-10-23T00:00:00
db: NVD, id: CVE-2018-13376, date: 2019-10-03T00:03:26.223

SOURCES RELEASE DATE

db: VULHUB, id: VHN-123429, date: 2018-11-27T00:00:00
db: BID, id: 106036, date: 2018-11-22T00:00:00
db: JVNDB, id: JVNDB-2018-012317, date: 2019-01-31T00:00:00
db: CNNVD, id: CNNVD-201811-749, date: 2018-11-28T00:00:00
db: NVD, id: CVE-2018-13376, date: 2018-11-27T15:29:00.227