Details of VAR-201905-0764

ID

VAR-201905-0764

CVE

CVE-2018-13383

TITLE

Fortinet FortiOS Buffer error vulnerability

Trust: 1.4

sources: JVNDB: JVNDB-2018-015559 // CNNVD: CNNVD-201904-116

DESCRIPTION

A heap buffer overflow in Fortinet FortiOS 6.0.0 through 6.0.4, 5.6.0 through 5.6.10, 5.4.0 through 5.4.12, 5.2.14 and earlier and FortiProxy 2.0.0, 1.2.8 and earlier in the SSL VPN web portal may cause the SSL VPN web service termination for logged in users due to a failure to properly handle javascript href data when proxying webpages. Fortinet FortiOS Contains a buffer error vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Fortinet FortiOS is prone to a heap-based buffer-overflow vulnerability. Attackers can exploit this issue to cause denial-of-service conditions. Versions prior to FortiOS 6.0.5 are vulnerable. Fortinet FortiOS is a set of security operating system dedicated to the FortiGate network security platform developed by Fortinet. The system provides users with various security functions such as firewall, anti-virus, IPSec/SSLVPN, Web content filtering and anti-spam. A heap buffer overflow vulnerability existed in Fortinet versions prior to FortiOS 6.2.0. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations

Trust: 2.07

sources: NVD: CVE-2018-13383 // JVNDB: JVNDB-2018-015559 // BID: 108539 // VULHUB: VHN-123437 // VULMON: CVE-2018-13383

AFFECTED PRODUCTS

vendor:	fortinet	model:	fortios	scope:	lt	version:	6.0.5	Trust: 1.8
vendor:	fortinet	model:	fortios	scope:	gte	version:	6.0.0	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	lt	version:	5.6.11	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	gte	version:	5.4.0	Trust: 1.0
vendor:	fortinet	model:	fortiproxy	scope:	lt	version:	1.2.9	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	lt	version:	5.2.15	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	gte	version:	5.2.0	Trust: 1.0
vendor:	fortinet	model:	fortiproxy	scope:	eq	version:	2.0.0	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	lt	version:	5.4.13	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	gte	version:	5.6.0	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	eq	version:	6.0.4	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	6.0.3	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	6.0.2	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	6.0.1	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	6.0	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.6.8	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.6.7	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.6.6	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.6.5	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.6.4	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.6.3	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.6.2	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.6	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.4.10	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.4.9	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.4.8	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.4.7	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.4.6	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.4.5	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.4.4	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.4.3	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.4.2	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.4.1	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.2.12	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.2.11	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.2.8	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.2.6	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.2.5	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.2.4	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.2.3	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.2.2	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.2.1	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.0.13	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.0.9	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.0.8	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.0.7	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.0.3	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.0.2	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	4.7.7	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	4.3.19	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	4.3.17	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	4.3.15	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	4.3.10	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	4.3.9	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	4.3.8	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	4.3	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	4.2.13	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	4.2.12	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	4.1.11	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	4.1.10	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	3.0	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	2.80	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	2.50	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	2.36	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.6.1	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.4.0	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.4	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.2.9	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.2.10	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.2.0	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.2	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.0.6	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.0.5	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.0.4	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.0.12	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.0.11	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.0.0	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.0	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	4.3.18	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	4.3.16	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	4.3.14	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	4.3.13	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	4.3.12	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	ne	version:	6.2	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	ne	version:	6.0.5	Trust: 0.3

sources: BID: 108539 // JVNDB: JVNDB-2018-015559 // NVD: CVE-2018-13383

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-13383
value:	MEDIUM
Trust: 1.0
psirt@fortinet.com:	CVE-2018-13383
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2018-13383
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201904-116
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-123437
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2018-13383
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-13383
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-123437
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-13383
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 1.0
psirt@fortinet.com:	CVE-2018-13383
baseSeverity:	MEDIUM
baseScore:	4.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	2.8
impactScore:	1.4
version:	3.1
Trust: 1.0
NVD:	CVE-2018-13383
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-123437 // VULMON: CVE-2018-13383 // JVNDB: JVNDB-2018-015559 // CNNVD: CNNVD-201904-116 // NVD: CVE-2018-13383 // NVD: CVE-2018-13383

PROBLEMTYPE DATA

problemtype:	CWE-787	Trust: 1.0
problemtype:	CWE-119	Trust: 0.9

sources: VULHUB: VHN-123437 // JVNDB: JVNDB-2018-015559 // NVD: CVE-2018-13383

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201904-116

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201904-116

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-015559

PATCH

title:	FG-IR-18-388	url:	https://fortiguard.com/psirt/FG-IR-18-388	Trust: 0.8
title:	Fortinet FortiOS Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=91035	Trust: 0.6
title:	Fortigate VPN: CVE-2018-13379: Pre-auth arbitrary file reading	url:	https://github.com/jam620/forti-vpn	Trust: 0.1
title:	SecBooks SecBooks目录	url:	https://github.com/SexyBeast233/SecBooks	Trust: 0.1
title:	Known Exploited Vulnerabilities Detector	url:	https://github.com/Ostorlab/KEV	Trust: 0.1
title:	Threatpost	url:	https://threatpost.com/apt-groups-exploiting-flaws-in-unpatched-vpns-officials-warn/148956/	Trust: 0.1

sources: VULMON: CVE-2018-13383 // JVNDB: JVNDB-2018-015559 // CNNVD: CNNVD-201904-116

EXTERNAL IDS

db:	NVD	id:	CVE-2018-13383	Trust: 2.9
db:	BID	id:	108539	Trust: 1.0
db:	JVNDB	id:	JVNDB-2018-015559	Trust: 0.8
db:	CNNVD	id:	CNNVD-201904-116	Trust: 0.7
db:	AUSCERT	id:	ESB-2019.1114.2	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.1114.4	Trust: 0.6
db:	VULHUB	id:	VHN-123437	Trust: 0.1
db:	VULMON	id:	CVE-2018-13383	Trust: 0.1

sources: VULHUB: VHN-123437 // VULMON: CVE-2018-13383 // BID: 108539 // JVNDB: JVNDB-2018-015559 // CNNVD: CNNVD-201904-116 // NVD: CVE-2018-13383

REFERENCES

url:	https://fortiguard.com/advisory/fg-ir-18-388	Trust: 1.8
url:	https://fortiguard.com/advisory/fg-ir-20-229	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-13383	Trust: 1.4
url:	http://www.securityfocus.com/bid/108539	Trust: 1.3
url:	http://www.fortinet.com/technology/network-os-fortios.html	Trust: 0.9
url:	https://fortiguard.com/psirt/fg-ir-18-388	Trust: 0.9
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-13383	Trust: 0.8
url:	https://fortiguard.com/psirt/fg-ir-17-053	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.1114.2/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/78322	Trust: 0.6
url:	https://vigilance.fr/vulnerability/fortios-buffer-overflow-via-javascript-href-content-28933	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/787.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://threatpost.com/apt-groups-exploiting-flaws-in-unpatched-vpns-officials-warn/148956/	Trust: 0.1

sources: VULHUB: VHN-123437 // VULMON: CVE-2018-13383 // BID: 108539 // JVNDB: JVNDB-2018-015559 // CNNVD: CNNVD-201904-116 // NVD: CVE-2018-13383

CREDITS

Meh Chang and Orange Tsai from DEVCORE Security Research Team.

Trust: 0.9

sources: BID: 108539 // CNNVD: CNNVD-201904-116

SOURCES

db:	VULHUB	id:	VHN-123437
db:	VULMON	id:	CVE-2018-13383
db:	BID	id:	108539
db:	JVNDB	id:	JVNDB-2018-015559
db:	CNNVD	id:	CNNVD-201904-116
db:	NVD	id:	CVE-2018-13383

LAST UPDATE DATE

2024-10-24T22:40:23.076000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-123437	date:	2020-01-22T00:00:00
db:	VULMON	id:	CVE-2018-13383	date:	2021-03-16T00:00:00
db:	BID	id:	108539	date:	2019-06-03T00:00:00
db:	JVNDB	id:	JVNDB-2018-015559	date:	2019-06-12T00:00:00
db:	CNNVD	id:	CNNVD-201904-116	date:	2021-03-17T00:00:00
db:	NVD	id:	CVE-2018-13383	date:	2024-10-24T13:57:48.810

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-123437	date:	2019-05-29T00:00:00
db:	VULMON	id:	CVE-2018-13383	date:	2019-05-29T00:00:00
db:	BID	id:	108539	date:	2019-06-03T00:00:00
db:	JVNDB	id:	JVNDB-2018-015559	date:	2019-06-12T00:00:00
db:	CNNVD	id:	CNNVD-201904-116	date:	2019-04-03T00:00:00
db:	NVD	id:	CVE-2018-13383	date:	2019-05-29T18:29:00.693