ID

VAR-201906-0816


CVE

CVE-2018-13380


TITLE

Fortinet FortiOS Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2018-015566

DESCRIPTION

A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4.0 to 5.4.12, 5.2 and below, and Fortinet FortiProxy 2.0.0, 1.2.8 and below, under the SSL VPN web portal allows an attacker to execute unauthorized malicious script code via the error or message handling parameters. Fortinet FortiOS contains a cross-site scripting vulnerability; information may be obtained and information may be altered. Fortinet FortiOS is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. Fortinet FortiOS 6.0.0 through 6.0.4, 5.6.0 through 5.6.7, 5.4 and prior versions are vulnerable.

Trust: 2.07

sources: NVD: CVE-2018-13380 // JVNDB: JVNDB-2018-015566 // BID: 108681 // VULHUB: VHN-123434 // VULMON: CVE-2018-13380

AFFECTED PRODUCTS

vendor    model       scope  version         Trust
fortinet  fortiproxy  lte    1.2.8           1.0
fortinet  fortios     lte    6.0.4           1.0
fortinet  fortios     lte    5.2             1.0
fortinet  fortios     gte    5.6.0           1.0
fortinet  fortiproxy  eq     2.0.0           1.0
fortinet  fortios     lte    5.4.12          1.0
fortinet  fortios     gte    6.0.0           1.0
fortinet  fortios     gte    5.4.0           1.0
fortinet  fortios     lte    5.6.7           1.0
fortinet  fortios     lte    5.4             0.8
fortinet  fortios     eq     5.6.0 to 5.6.7  0.8
fortinet  fortios     eq     6.0.0 to 6.0.4  0.8
fortinet  fortios     eq     6.0.4           0.3
fortinet  fortios     eq     6.0.3           0.3
fortinet  fortios     eq     6.0.2           0.3
fortinet  fortios     eq     6.0.1           0.3
fortinet  fortios     eq     6.0             0.3
fortinet  fortios     eq     5.6.7           0.3
fortinet  fortios     eq     5.6.6           0.3
fortinet  fortios     eq     5.6.5           0.3
fortinet  fortios     eq     5.6.4           0.3
fortinet  fortios     eq     5.6.3           0.3
fortinet  fortios     eq     5.6.2           0.3
fortinet  fortios     eq     5.6             0.3
fortinet  fortios     eq     5.2.13          0.3
fortinet  fortios     eq     5.2.12          0.3
fortinet  fortios     eq     5.2.11          0.3
fortinet  fortios     eq     5.2.8           0.3
fortinet  fortios     eq     5.2.7           0.3
fortinet  fortios     eq     5.2.6           0.3
fortinet  fortios     eq     5.2.5           0.3
fortinet  fortios     eq     5.2.4           0.3
fortinet  fortios     eq     5.2.3           0.3
fortinet  fortios     eq     5.2.2           0.3
fortinet  fortios     eq     5.2.1           0.3
fortinet  fortios     eq     5.0.13          0.3
fortinet  fortios     eq     5.0.9           0.3
fortinet  fortios     eq     5.0.8           0.3
fortinet  fortios     eq     5.0.7           0.3
fortinet  fortios     eq     5.0.3           0.3
fortinet  fortios     eq     5.0.2           0.3
fortinet  fortios     eq     5.0.1           0.3
fortinet  fortios     eq     4.7.7           0.3
fortinet  fortios     eq     4.3.19          0.3
fortinet  fortios     eq     4.3.17          0.3
fortinet  fortios     eq     4.3.15          0.3
fortinet  fortios     eq     4.3.10          0.3
fortinet  fortios     eq     4.3.9           0.3
fortinet  fortios     eq     4.3.8           0.3
fortinet  fortios     eq     4.3             0.3
fortinet  fortios     eq     4.2.13          0.3
fortinet  fortios     eq     4.2.12          0.3
fortinet  fortios     eq     4.1.11          0.3
fortinet  fortios     eq     4.1.10          0.3
fortinet  fortios     eq     3.0             0.3
fortinet  fortios     eq     2.36            0.3
fortinet  fortios     eq     5.6.1           0.3
fortinet  fortios     eq     5.4             0.3
fortinet  fortios     eq     5.2.9           0.3
fortinet  fortios     eq     5.2.10          0.3
fortinet  fortios     eq     5.2.0           0.3
fortinet  fortios     eq     5.2             0.3
fortinet  fortios     eq     5.0.6           0.3
fortinet  fortios     eq     5.0.5           0.3
fortinet  fortios     eq     5.0.4           0.3
fortinet  fortios     eq     5.0.12          0.3
fortinet  fortios     eq     5.0.11          0.3
fortinet  fortios     eq     5.0.0           0.3
fortinet  fortios     eq     4.3.18          0.3
fortinet  fortios     eq     4.3.16          0.3
fortinet  fortios     eq     4.3.14          0.3
fortinet  fortios     eq     4.3.13          0.3
fortinet  fortios     eq     4.3.12          0.3
fortinet  fortios     ne     6.2             0.3
fortinet  fortios     ne     6.0.5           0.3
fortinet  fortios     ne     5.6.8           0.3

sources: BID: 108681 // JVNDB: JVNDB-2018-015566 // NVD: CVE-2018-13380

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-13380
value: MEDIUM

Trust: 1.0

psirt@fortinet.com: CVE-2018-13380
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-13380
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201905-1024
value: MEDIUM

Trust: 0.6

VULHUB: VHN-123434
value: MEDIUM

Trust: 0.1

VULMON: CVE-2018-13380
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-13380
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-123434
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-13380
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.1

Trust: 1.0

psirt@fortinet.com: CVE-2018-13380
baseSeverity: MEDIUM
baseScore: 4.7
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2018-13380
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-123434 // VULMON: CVE-2018-13380 // JVNDB: JVNDB-2018-015566 // CNNVD: CNNVD-201905-1024 // NVD: CVE-2018-13380

PROBLEMTYPE DATA

problemtype: CWE-79

Trust: 1.9

sources: VULHUB: VHN-123434 // JVNDB: JVNDB-2018-015566 // NVD: CVE-2018-13380

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201905-1024

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201905-1024

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-015566

PATCH

title: FG-IR-18-383  url: https://fortiguard.com/psirt/FG-IR-18-383

Trust: 0.8

title: Fortinet FortiOS Fixes for cross-site scripting vulnerabilities  url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92976

Trust: 0.6

title: forti-vpn  url: https://github.com/jam620/forti-vpn

Trust: 0.1

title: nuclei-templates  url: https://github.com/storenth/nuclei-templates

Trust: 0.1

title: kenzer-templates  url: https://github.com/Elsfa7-110/kenzer-templates

Trust: 0.1

title: kenzer-templates  url: https://github.com/ARPSyndicate/kenzer-templates

Trust: 0.1

sources: VULMON: CVE-2018-13380 // JVNDB: JVNDB-2018-015566 // CNNVD: CNNVD-201905-1024

EXTERNAL IDS

db: NVD  id: CVE-2018-13380

Trust: 2.9

db: BID  id: 108681

Trust: 0.9

db: JVNDB  id: JVNDB-2018-015566

Trust: 0.8

db: AUSCERT  id: ESB-2021.0775

Trust: 0.6

db: CNNVD  id: CNNVD-201905-1024

Trust: 0.6

db: VULHUB  id: VHN-123434

Trust: 0.1

db: VULMON  id: CVE-2018-13380

Trust: 0.1

sources: VULHUB: VHN-123434 // VULMON: CVE-2018-13380 // BID: 108681 // JVNDB: JVNDB-2018-015566 // CNNVD: CNNVD-201905-1024 // NVD: CVE-2018-13380

REFERENCES

url:https://fortiguard.com/advisory/fg-ir-18-383

Trust: 1.8

url:https://fortiguard.com/advisory/fg-ir-20-230

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-13380

Trust: 1.4

url:http://www.securityfocus.com/bid/108681

Trust: 1.2

url:https://www.fortinet.com/products/fortigate/fortios.html

Trust: 0.9

url:https://fortiguard.com/psirt/fg-ir-18-383

Trust: 0.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-13380

Trust: 0.8

url:https://vigilance.fr/vulnerability/fortios-cross-site-scripting-via-ssl-vpn-portal-30135

Trust: 0.6

url:https://vigilance.fr/vulnerability/fortios-cross-site-scripting-via-the-vpn-portal-29412

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.0775

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/79.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/jam620/forti-vpn

Trust: 0.1

url:https://github.com/storenth/nuclei-templates

Trust: 0.1

sources: VULHUB: VHN-123434 // VULMON: CVE-2018-13380 // BID: 108681 // JVNDB: JVNDB-2018-015566 // CNNVD: CNNVD-201905-1024 // NVD: CVE-2018-13380

CREDITS

Meh Chang and Orange Tsai from DEVCORE Security Research Team.

Trust: 0.9

sources: BID: 108681 // CNNVD: CNNVD-201905-1024

SOURCES

db: VULHUB  id: VHN-123434
db: VULMON  id: CVE-2018-13380
db: BID     id: 108681
db: JVNDB   id: JVNDB-2018-015566
db: CNNVD   id: CNNVD-201905-1024
db: NVD     id: CVE-2018-13380

LAST UPDATE DATE

2024-08-14T13:44:56.870000+00:00


SOURCES UPDATE DATE

db: VULHUB  id: VHN-123434          date: 2020-01-22T00:00:00
db: VULMON  id: CVE-2018-13380      date: 2021-04-06T00:00:00
db: BID     id: 108681              date: 2019-05-24T00:00:00
db: JVNDB   id: JVNDB-2018-015566   date: 2019-06-17T00:00:00
db: CNNVD   id: CNNVD-201905-1024   date: 2021-03-11T00:00:00
db: NVD     id: CVE-2018-13380      date: 2021-04-06T12:56:42.507

SOURCES RELEASE DATE

db: VULHUB  id: VHN-123434          date: 2019-06-04T00:00:00
db: VULMON  id: CVE-2018-13380      date: 2019-06-04T00:00:00
db: BID     id: 108681              date: 2019-05-24T00:00:00
db: JVNDB   id: JVNDB-2018-015566   date: 2019-06-17T00:00:00
db: CNNVD   id: CNNVD-201905-1024   date: 2019-05-27T00:00:00
db: NVD     id: CVE-2018-13380      date: 2019-06-04T21:29:00.267