ID

VAR-201904-0595


CVE

CVE-2018-13378


TITLE

Fortinet FortiSIEM vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2018-015278

DESCRIPTION

An information disclosure vulnerability in Fortinet FortiSIEM 5.2.0 and earlier versions exposes the LDAP server plaintext password via the HTML source code. Fortinet FortiSIEM contains an information disclosure vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Fortinet Security Information & Event Management System (FortiSIEM) is a security information and event management system from Fortinet. It provides security event management of assets such as infrastructure, applications, and virtual machines. The admin portal in Fortinet FortiSIEM 5.2.0 and earlier versions has an information disclosure vulnerability, which is caused by a configuration error in the network system or product during operation. An unauthorized attacker could exploit the vulnerability to obtain sensitive information of the affected components.

Trust: 1.71

sources: NVD: CVE-2018-13378 // JVNDB: JVNDB-2018-015278 // VULHUB: VHN-123431

AFFECTED PRODUCTS

vendor: fortinet, model: fortisiem, scope: lte, version: 5.2.0

Trust: 1.8

sources: JVNDB: JVNDB-2018-015278 // NVD: CVE-2018-13378

CVSS

SEVERITY

nvd@nist.gov: CVE-2018-13378
value: HIGH

Trust: 1.0

NVD: CVE-2018-13378
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201904-001
value: HIGH

Trust: 0.6

VULHUB: VHN-123431
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2018-13378
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-123431
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2018-13378
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-123431 // JVNDB: JVNDB-2018-015278 // CNNVD: CNNVD-201904-001 // NVD: CVE-2018-13378

PROBLEMTYPE DATA

problemtype: CWE-200

Trust: 1.9

sources: VULHUB: VHN-123431 // JVNDB: JVNDB-2018-015278 // NVD: CVE-2018-13378

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201904-001

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201904-001

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-015278

PATCH

title: FG-IR-18-382
url: https://fortiguard.com/psirt/FG-IR-18-382

Trust: 0.8

title: Fortinet Security Information & Event Management System Repair measures for information disclosure vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=90917

Trust: 0.6

sources: JVNDB: JVNDB-2018-015278 // CNNVD: CNNVD-201904-001

EXTERNAL IDS

db: NVD, id: CVE-2018-13378

Trust: 2.5

db: JVNDB, id: JVNDB-2018-015278

Trust: 0.8

db: CNNVD, id: CNNVD-201904-001

Trust: 0.7

db: AUSCERT, id: ESB-2019.1090

Trust: 0.6

db: VULHUB, id: VHN-123431

Trust: 0.1

sources: VULHUB: VHN-123431 // JVNDB: JVNDB-2018-015278 // CNNVD: CNNVD-201904-001 // NVD: CVE-2018-13378

REFERENCES

url:https://fortiguard.com/advisory/fg-ir-18-382

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2018-13378

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-13378

Trust: 0.8

url:https://fortiguard.com/psirt/fg-ir-18-382

Trust: 0.6

url:https://www.auscert.org.au/bulletins/78222

Trust: 0.6

sources: VULHUB: VHN-123431 // JVNDB: JVNDB-2018-015278 // CNNVD: CNNVD-201904-001 // NVD: CVE-2018-13378

SOURCES

db: VULHUB, id: VHN-123431
db: JVNDB, id: JVNDB-2018-015278
db: CNNVD, id: CNNVD-201904-001
db: NVD, id: CVE-2018-13378

LAST UPDATE DATE

2024-11-23T23:08:25.559000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-123431, date: 2019-04-17T00:00:00
db: JVNDB, id: JVNDB-2018-015278, date: 2019-05-17T00:00:00
db: CNNVD, id: CNNVD-201904-001, date: 2019-04-19T00:00:00
db: NVD, id: CVE-2018-13378, date: 2024-11-21T03:46:59.137

SOURCES RELEASE DATE

db: VULHUB, id: VHN-123431, date: 2019-04-17T00:00:00
db: JVNDB, id: JVNDB-2018-015278, date: 2019-05-17T00:00:00
db: CNNVD, id: CNNVD-201904-001, date: 2019-04-01T00:00:00
db: NVD, id: CVE-2018-13378, date: 2019-04-17T15:29:00.437