Sign-up

ID

VAR-201905-0762


CVE

CVE-2018-13368


TITLE

Windows for Fortinet FortiClient Vulnerabilities related to authorization, permissions, and access control

Trust: 0.8

sources: JVNDB: JVNDB-2018-015536

DESCRIPTION

A local privilege escalation in Fortinet FortiClient for Windows 6.0.4 and earlier allows attacker to execute unauthorized code or commands via the command injection. Windows for Fortinet FortiClient Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Fortinet FortiClient is prone to multiple local privilege-escalation vulnerabilities. An attacker can exploit these issues to gain the elevated privileges on the system. Failed exploit attempts may result in a denial of service condition. Fortinet FortiClient 6.0.4 and prior are vulnerable. Fortinet FortiClient is a mobile terminal security solution developed by Fortinet. The solution provides IPsec and SSL encryption, WAN optimization, endpoint compliance, and two-factor authentication when connected to FortiGate firewall appliances. Vulnerabilities in permissions and access control issues exist in Fortinet FortiClient version 6.0.4 based on the Windows platform. The vulnerability stems from the lack of effective permissions and access control measures in network systems or products

Trust: 1.98

sources: NVD: CVE-2018-13368 // JVNDB: JVNDB-2018-015536 // BID: 108532 // VULHUB: VHN-123420

AFFECTED PRODUCTS

vendor:fortinetmodel:forticlientscope:lteversion:6.0.4

Trust: 1.0

vendor:fortinetmodel:forticlientscope:lteversion:6.0.4 (windows)

Trust: 0.8

vendor:fortinetmodel:forticlientscope:neversion:6.0.5

Trust: 0.3

vendor:fortinetmodel:forticlientscope:eqversion:6.0.2

Trust: 0.3

vendor:fortinetmodel:forticlientscope:eqversion:3.0.614

Trust: 0.3

vendor:fortinetmodel:forticlientscope:eqversion:6.0.3

Trust: 0.3

vendor:fortinetmodel:forticlient mr7 patchscope:eqversion:3.06

Trust: 0.3

vendor:fortinetmodel:forticlient mr5 patchscope:eqversion:3.04

Trust: 0.3

vendor:fortinetmodel:forticlientscope:eqversion:5.6.1

Trust: 0.3

vendor:fortinetmodel:forticlientscope:eqversion:5.4.1

Trust: 0.3

vendor:fortinetmodel:forticlientscope:eqversion:5.2.28

Trust: 0.3

vendor:fortinetmodel:forticlientscope:eqversion:6.0.4

Trust: 0.3

vendor:fortinetmodel:forticlient buildscope:eqversion:5.2.0591

Trust: 0.3

vendor:fortinetmodel:forticlient mr5 patchscope:eqversion:3.03

Trust: 0.3

vendor:fortinetmodel:forticlient mr6scope:eqversion:3.0

Trust: 0.3

vendor:fortinetmodel:forticlientscope:eqversion:6.0.1

Trust: 0.3

vendor:fortinetmodel:forticlientscope:eqversion:5.2.3.091

Trust: 0.3

vendor:fortinetmodel:forticlientscope:eqversion:5.2.4.0650

Trust: 0.3

vendor:fortinetmodel:forticlientscope:eqversion:2.0

Trust: 0.3

vendor:fortinetmodel:forticlientscope:eqversion:5.0.10

Trust: 0.3

vendor:fortinetmodel:forticlientscope:eqversion:5.4.3

Trust: 0.3

vendor:fortinetmodel:forticlientscope:eqversion:5.4.4

Trust: 0.3

vendor:fortinetmodel:forticlientscope:eqversion:5.4

Trust: 0.3

vendor:fortinetmodel:forticlientscope:eqversion:5.2.3.633

Trust: 0.3

vendor:fortinetmodel:forticlientscope:eqversion:5.4.2

Trust: 0.3

vendor:fortinetmodel:forticlientscope:eqversion:5.6

Trust: 0.3

sources: BID: 108532 // JVNDB: JVNDB-2018-015536 // NVD: CVE-2018-13368

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-13368
value: HIGH

Trust: 1.0

NVD: CVE-2018-13368
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201905-1113
value: HIGH

Trust: 0.6

VULHUB: VHN-123420
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-13368
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-123420
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-13368
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-123420 // JVNDB: JVNDB-2018-015536 // CNNVD: CNNVD-201905-1113 // NVD: CVE-2018-13368

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-264

Trust: 0.9

sources: VULHUB: VHN-123420 // JVNDB: JVNDB-2018-015536 // NVD: CVE-2018-13368

THREAT TYPE

local

Trust: 0.9

sources: BID: 108532 // CNNVD: CNNVD-201905-1113

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201905-1113

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-015536

PATCH
title:FG-IR-18-108url:https://fortiguard.com/advisory/FG-IR-18-108
Trust: 0.8
title:Fortinet FortiClient Fixes for permissions and access control issues vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=93051
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-015536 // 
            
            
            
            CNNVD: CNNVD-201905-1113

EXTERNAL IDS
db:NVDid:CVE-2018-13368
Trust: 2.8
db:JVNDBid:JVNDB-2018-015536
Trust: 0.8
db:CNNVDid:CNNVD-201905-1113
Trust: 0.7
db:BIDid:108532
Trust: 0.3
db:VULHUBid:VHN-123420
Trust: 0.1
sources:
            
            
            VULHUB: VHN-123420 // 
            
            
            
            BID: 108532 // 
            
            
            
            JVNDB: JVNDB-2018-015536 // 
            
            
            
            CNNVD: CNNVD-201905-1113 // 
            
            
            
            NVD: CVE-2018-13368

REFERENCES
url:https://fortiguard.com/advisory/fg-ir-18-108
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2018-13368
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-13368
Trust: 0.8
url:https://forticlient.com/
Trust: 0.3
url:https://fortiguard.com/psirt/fg-ir-18-108
Trust: 0.3
sources:
            
            
            VULHUB: VHN-123420 // 
            
            
            
            BID: 108532 // 
            
            
            
            JVNDB: JVNDB-2018-015536 // 
            
            
            
            CNNVD: CNNVD-201905-1113 // 
            
            
            
            NVD: CVE-2018-13368

CREDITS
Kevin Joensen from Secu A/S
Trust: 0.3
sources:
            
            
            BID: 108532

SOURCES
db:VULHUBid:VHN-123420
db:BIDid:108532
db:JVNDBid:JVNDB-2018-015536
db:CNNVDid:CNNVD-201905-1113
db:NVDid:CVE-2018-13368

LAST UPDATE DATE
2024-11-23T21:37:18.013000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-123420date:2020-08-24T00:00:00
db:BIDid:108532date:2018-12-22T00:00:00
db:JVNDBid:JVNDB-2018-015536date:2019-06-12T00:00:00
db:CNNVDid:CNNVD-201905-1113date:2020-08-25T00:00:00
db:NVDid:CVE-2018-13368date:2024-11-21T03:46:58.447

SOURCES RELEASE DATE
db:VULHUBid:VHN-123420date:2019-05-30T00:00:00
db:BIDid:108532date:2018-12-22T00:00:00
db:JVNDBid:JVNDB-2018-015536date:2019-06-12T00:00:00
db:CNNVDid:CNNVD-201905-1113date:2019-05-30T00:00:00
db:NVDid:CVE-2018-13368date:2019-05-30T17:29:00.217