ID

VAR-201905-0761


CVE

CVE-2018-13365


TITLE

Fortinet FortiOS Vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2018-015551

DESCRIPTION

An Information Exposure vulnerability in Fortinet FortiOS 6.0.1, 5.6.5 and below, allow attackers to learn private IP as well as the hostname of FortiGate via Application Control Block page. Fortinet FortiOS Contains an information disclosure vulnerability.Information may be obtained. Fortinet FortiOS is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. Versions prior to FortiOS 5.6.6 and 6.0.2 are vulnerable. Fortinet FortiOS is a set of security operating system dedicated to the FortiGate network security platform developed by Fortinet. The system provides users with various security functions such as firewall, anti-virus, IPSec/SSLVPN, Web content filtering and anti-spam. This vulnerability stems from configuration errors in network systems or products during operation

Trust: 1.98

sources: NVD: CVE-2018-13365 // JVNDB: JVNDB-2018-015551 // BID: 105420 // VULHUB: VHN-123417

AFFECTED PRODUCTS

vendor:fortinetmodel:fortiosscope:lteversion:5.6.5

Trust: 1.8

vendor:fortinetmodel:fortiosscope:lteversion:6.0.1

Trust: 1.8

vendor:fortinetmodel:fortiosscope:gteversion:5.6.6

Trust: 1.0

vendor:fortinetmodel:fortiosscope:eqversion:6.0.1

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:6.0

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:5.6.5

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:5.6.3

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:5.6.2

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:5.6

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:5.6.1

Trust: 0.3

vendor:fortinetmodel:fortiosscope:neversion:6.0.2

Trust: 0.3

vendor:fortinetmodel:fortiosscope:neversion:5.6.6

Trust: 0.3

sources: BID: 105420 // JVNDB: JVNDB-2018-015551 // NVD: CVE-2018-13365

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-13365
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-13365
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201905-1078
value: MEDIUM

Trust: 0.6

VULHUB: VHN-123417
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-13365
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-123417
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-13365
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-123417 // JVNDB: JVNDB-2018-015551 // CNNVD: CNNVD-201905-1078 // NVD: CVE-2018-13365

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-123417 // JVNDB: JVNDB-2018-015551 // NVD: CVE-2018-13365

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201905-1078

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201905-1078

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-015551

PATCH

title:FG-IR-18-085url:https://fortiguard.com/psirt/FG-IR-18-085

Trust: 0.8

title:Fortinet FortiOS Repair measures for information disclosure vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=93031

Trust: 0.6

sources: JVNDB: JVNDB-2018-015551 // CNNVD: CNNVD-201905-1078

EXTERNAL IDS

db:NVDid:CVE-2018-13365

Trust: 2.8

db:JVNDBid:JVNDB-2018-015551

Trust: 0.8

db:CNNVDid:CNNVD-201905-1078

Trust: 0.7

db:BIDid:105420

Trust: 0.3

db:VULHUBid:VHN-123417

Trust: 0.1

sources: VULHUB: VHN-123417 // BID: 105420 // JVNDB: JVNDB-2018-015551 // CNNVD: CNNVD-201905-1078 // NVD: CVE-2018-13365

REFERENCES

url:https://fortiguard.com/advisory/fg-ir-18-085

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2018-13365

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-13365

Trust: 0.8

url:http://www.fortinet.com/

Trust: 0.3

url:https://fortiguard.com/psirt/fg-ir-18-085

Trust: 0.3

sources: VULHUB: VHN-123417 // BID: 105420 // JVNDB: JVNDB-2018-015551 // CNNVD: CNNVD-201905-1078 // NVD: CVE-2018-13365

CREDITS

Anandraj Amaran

Trust: 0.3

sources: BID: 105420

SOURCES

db:VULHUBid:VHN-123417
db:BIDid:105420
db:JVNDBid:JVNDB-2018-015551
db:CNNVDid:CNNVD-201905-1078
db:NVDid:CVE-2018-13365

LAST UPDATE DATE

2024-08-14T14:32:42.989000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-123417date:2019-05-30T00:00:00
db:BIDid:105420date:2018-08-23T00:00:00
db:JVNDBid:JVNDB-2018-015551date:2019-06-12T00:00:00
db:CNNVDid:CNNVD-201905-1078date:2019-05-31T00:00:00
db:NVDid:CVE-2018-13365date:2019-05-30T17:31:14.970

SOURCES RELEASE DATE

db:VULHUBid:VHN-123417date:2019-05-29T00:00:00
db:BIDid:105420date:2018-08-23T00:00:00
db:JVNDBid:JVNDB-2018-015551date:2019-06-12T00:00:00
db:CNNVDid:CNNVD-201905-1078date:2019-05-29T00:00:00
db:NVDid:CVE-2018-13365date:2019-05-29T21:29:00.840