Details of VAR-201905-0761

ID

VAR-201905-0761

CVE

CVE-2018-13365

TITLE

Fortinet FortiOS Vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2018-015551

DESCRIPTION

An Information Exposure vulnerability in Fortinet FortiOS 6.0.1, 5.6.5 and below, allow attackers to learn private IP as well as the hostname of FortiGate via Application Control Block page. Fortinet FortiOS Contains an information disclosure vulnerability.Information may be obtained. Fortinet FortiOS is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. Versions prior to FortiOS 5.6.6 and 6.0.2 are vulnerable. Fortinet FortiOS is a set of security operating system dedicated to the FortiGate network security platform developed by Fortinet. The system provides users with various security functions such as firewall, anti-virus, IPSec/SSLVPN, Web content filtering and anti-spam. This vulnerability stems from configuration errors in network systems or products during operation

Trust: 1.98

sources: NVD: CVE-2018-13365 // JVNDB: JVNDB-2018-015551 // BID: 105420 // VULHUB: VHN-123417

AFFECTED PRODUCTS

vendor:	fortinet	model:	fortios	scope:	lte	version:	5.6.5	Trust: 1.8
vendor:	fortinet	model:	fortios	scope:	lte	version:	6.0.1	Trust: 1.8
vendor:	fortinet	model:	fortios	scope:	gte	version:	5.6.6	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	eq	version:	6.0.1	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	6.0	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.6.5	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.6.3	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.6.2	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.6	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.6.1	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	ne	version:	6.0.2	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	ne	version:	5.6.6	Trust: 0.3

sources: BID: 105420 // JVNDB: JVNDB-2018-015551 // NVD: CVE-2018-13365

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-13365
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2018-13365
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201905-1078
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-123417
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-13365
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-123417
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-13365
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-123417 // JVNDB: JVNDB-2018-015551 // CNNVD: CNNVD-201905-1078 // NVD: CVE-2018-13365

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-123417 // JVNDB: JVNDB-2018-015551 // NVD: CVE-2018-13365

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201905-1078

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201905-1078

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-015551

PATCH

title:	FG-IR-18-085	url:	https://fortiguard.com/psirt/FG-IR-18-085	Trust: 0.8
title:	Fortinet FortiOS Repair measures for information disclosure vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=93031	Trust: 0.6

sources: JVNDB: JVNDB-2018-015551 // CNNVD: CNNVD-201905-1078

EXTERNAL IDS

db:	NVD	id:	CVE-2018-13365	Trust: 2.8
db:	JVNDB	id:	JVNDB-2018-015551	Trust: 0.8
db:	CNNVD	id:	CNNVD-201905-1078	Trust: 0.7
db:	BID	id:	105420	Trust: 0.3
db:	VULHUB	id:	VHN-123417	Trust: 0.1

sources: VULHUB: VHN-123417 // BID: 105420 // JVNDB: JVNDB-2018-015551 // CNNVD: CNNVD-201905-1078 // NVD: CVE-2018-13365

REFERENCES

url:	https://fortiguard.com/advisory/fg-ir-18-085	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2018-13365	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-13365	Trust: 0.8
url:	http://www.fortinet.com/	Trust: 0.3
url:	https://fortiguard.com/psirt/fg-ir-18-085	Trust: 0.3

sources: VULHUB: VHN-123417 // BID: 105420 // JVNDB: JVNDB-2018-015551 // CNNVD: CNNVD-201905-1078 // NVD: CVE-2018-13365

CREDITS

Anandraj Amaran

Trust: 0.3

sources: BID: 105420

SOURCES

db:	VULHUB	id:	VHN-123417
db:	BID	id:	105420
db:	JVNDB	id:	JVNDB-2018-015551
db:	CNNVD	id:	CNNVD-201905-1078
db:	NVD	id:	CVE-2018-13365

LAST UPDATE DATE

2024-08-14T14:32:42.989000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-123417	date:	2019-05-30T00:00:00
db:	BID	id:	105420	date:	2018-08-23T00:00:00
db:	JVNDB	id:	JVNDB-2018-015551	date:	2019-06-12T00:00:00
db:	CNNVD	id:	CNNVD-201905-1078	date:	2019-05-31T00:00:00
db:	NVD	id:	CVE-2018-13365	date:	2019-05-30T17:31:14.970

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-123417	date:	2019-05-29T00:00:00
db:	BID	id:	105420	date:	2018-08-23T00:00:00
db:	JVNDB	id:	JVNDB-2018-015551	date:	2019-06-12T00:00:00
db:	CNNVD	id:	CNNVD-201905-1078	date:	2019-05-29T00:00:00
db:	NVD	id:	CVE-2018-13365	date:	2019-05-29T21:29:00.840