ID

VAR-201811-0161


CVE

CVE-2018-13376


TITLE

Fortinet FortiOS Resource management vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-012317

DESCRIPTION

An uninitialized memory buffer leak exists in Fortinet FortiOS 5.6.1 to 5.6.3, 5.4.6 to 5.4.7, 5.2 all versions under web proxy's disclaimer response web pages, potentially causing sensitive data to be displayed in the HTTP response. Fortinet FortiOS Contains a resource management vulnerability.Information may be obtained. Fortinet FortiOS is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. FortiOS 5.6.1 through 5.6.3, 5.4.6 through 5.4.7, and 5.2.12 and later are vulnerable. Fortinet FortiOS is a set of security operating systems developed by Fortinet Corporation for the FortiGate network security platform. The system provides users with various security functions such as firewall, anti-virus, IPSec/SSL VPN, Web content filtering and anti-spam. Security vulnerabilities exist in Fortinet FortiOS versions 5.6.1 through 5.6.3, 5.4.6 through 5.4.7, and 5.2

Trust: 1.98

sources: NVD: CVE-2018-13376 // JVNDB: JVNDB-2018-012317 // BID: 106036 // VULHUB: VHN-123429

AFFECTED PRODUCTS

vendor:fortinetmodel:fortiosscope:lteversion:5.6.3

Trust: 1.0

vendor:fortinetmodel:fortiosscope:lteversion:5.2.12

Trust: 1.0

vendor:fortinetmodel:fortiosscope:gteversion:5.6.1

Trust: 1.0

vendor:fortinetmodel:fortiosscope:lteversion:5.4.7

Trust: 1.0

vendor:fortinetmodel:fortiosscope:gteversion:5.4.6

Trust: 1.0

vendor:fortinetmodel:fortiosscope:eqversion:5.6.3

Trust: 0.9

vendor:fortinetmodel:fortiosscope:eqversion:5.6.2

Trust: 0.9

vendor:fortinetmodel:fortiosscope:eqversion:5.4.7

Trust: 0.9

vendor:fortinetmodel:fortiosscope:eqversion:5.4.6

Trust: 0.9

vendor:fortinetmodel:fortiosscope:eqversion:5.2.12

Trust: 0.9

vendor:fortinetmodel:fortiosscope:eqversion:5.6.1

Trust: 0.9

vendor:fortinetmodel:fortiosscope:eqversion:5.2

Trust: 0.8

vendor:fortinetmodel:fortiosscope:eqversion:5.4.6 to 5.4.7

Trust: 0.8

vendor:fortinetmodel:fortiosscope:eqversion:5.6.1 to 5.6.3

Trust: 0.8

vendor:fortinetmodel:fortiosscope:neversion:6.0

Trust: 0.3

vendor:fortinetmodel:fortiosscope:neversion:5.6.4

Trust: 0.3

vendor:fortinetmodel:fortiosscope:neversion:5.4.8

Trust: 0.3

sources: BID: 106036 // JVNDB: JVNDB-2018-012317 // CNNVD: CNNVD-201811-749 // NVD: CVE-2018-13376

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-13376
value: HIGH

Trust: 1.0

NVD: CVE-2018-13376
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201811-749
value: HIGH

Trust: 0.6

VULHUB: VHN-123429
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-13376
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-123429
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-13376
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-123429 // JVNDB: JVNDB-2018-012317 // CNNVD: CNNVD-201811-749 // NVD: CVE-2018-13376

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-399

Trust: 0.9

sources: VULHUB: VHN-123429 // JVNDB: JVNDB-2018-012317 // NVD: CVE-2018-13376

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201811-749

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201811-749

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-012317

PATCH

title:FG-IR-18-325url:https://fortiguard.com/psirt/FG-IR-18-325

Trust: 0.8

title:Fortinet FortiOS Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=87011

Trust: 0.6

sources: JVNDB: JVNDB-2018-012317 // CNNVD: CNNVD-201811-749

EXTERNAL IDS

db:NVDid:CVE-2018-13376

Trust: 2.8

db:BIDid:106036

Trust: 2.0

db:JVNDBid:JVNDB-2018-012317

Trust: 0.8

db:CNNVDid:CNNVD-201811-749

Trust: 0.7

db:VULHUBid:VHN-123429

Trust: 0.1

sources: VULHUB: VHN-123429 // BID: 106036 // JVNDB: JVNDB-2018-012317 // CNNVD: CNNVD-201811-749 // NVD: CVE-2018-13376

REFERENCES

url:http://www.securityfocus.com/bid/106036

Trust: 1.7

url:https://fortiguard.com/advisory/fg-ir-18-325

Trust: 1.7

url:https://herolab.usd.de/wp-content/uploads/sites/4/2018/12/usd20180031.txt

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-13376

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-13376

Trust: 0.8

url:http://www.fortinet.com/

Trust: 0.3

url:https://fortiguard.com/psirt/fg-ir-18-325

Trust: 0.3

sources: VULHUB: VHN-123429 // BID: 106036 // JVNDB: JVNDB-2018-012317 // CNNVD: CNNVD-201811-749 // NVD: CVE-2018-13376

CREDITS

usd AG

Trust: 0.3

sources: BID: 106036

SOURCES

db:VULHUBid:VHN-123429
db:BIDid:106036
db:JVNDBid:JVNDB-2018-012317
db:CNNVDid:CNNVD-201811-749
db:NVDid:CVE-2018-13376

LAST UPDATE DATE

2024-11-23T21:38:02.924000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-123429date:2019-10-03T00:00:00
db:BIDid:106036date:2018-11-22T00:00:00
db:JVNDBid:JVNDB-2018-012317date:2019-01-31T00:00:00
db:CNNVDid:CNNVD-201811-749date:2019-10-23T00:00:00
db:NVDid:CVE-2018-13376date:2024-11-21T03:46:59.020

SOURCES RELEASE DATE

db:VULHUBid:VHN-123429date:2018-11-27T00:00:00
db:BIDid:106036date:2018-11-22T00:00:00
db:JVNDBid:JVNDB-2018-012317date:2019-01-31T00:00:00
db:CNNVDid:CNNVD-201811-749date:2018-11-28T00:00:00
db:NVDid:CVE-2018-13376date:2018-11-27T15:29:00.227