Sign-up

ID

VAR-201906-0817


CVE

CVE-2018-13381


TITLE

Fortinet FortiOS Buffer error vulnerability

Trust: 1.4

sources: JVNDB: JVNDB-2018-015567 // CNNVD: CNNVD-201905-878

DESCRIPTION

A buffer overflow vulnerability in Fortinet FortiOS 6.0.0 through 6.0.4, 5.6.0 through 5.6.7, 5.4 and earlier versions and FortiProxy 2.0.0, 1.2.8 and earlier versions under SSL VPN web portal allows a non-authenticated attacker to perform a Denial-of-service attack via special craft message payloads. Fortinet FortiOS Contains a buffer error vulnerability.Denial of service (DoS) May be in a state. FortinetFortiOS is a set of Fortinet security operating systems dedicated to the FortiGate network security platform. The system provides users with multiple security features such as firewall, anti-virus, IPSec/SSLVPN, web content filtering and anti-spam. A buffer overflow vulnerability exists in FortinetFort iOS version 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, and 5.4 and earlier. The vulnerability stems from a network system or product that does not properly validate data boundaries when performing operations on memory, causing erroneous read and write operations to be performed on other associated memory locations. An attacker could exploit the vulnerability to cause a buffer overflow or heap overflow. Fortinet FortiOS is prone to a buffer-overflow vulnerability. Attackers can exploit this issue to cause denial-of-service conditions. The following versions are vulnerable: FortiOS 6.0.0 through 6.0.4 FortiOS 5.6.0 through 5.6.7 FortiOS 5.4 and prior

Trust: 2.61

sources: NVD: CVE-2018-13381 // JVNDB: JVNDB-2018-015567 // CNVD: CNVD-2019-25051 // BID: 108440 // VULHUB: VHN-123435 // VULMON: CVE-2018-13381

AFFECTED PRODUCTS

vendor:fortinetmodel:fortiosscope:lteversion:5.6.10

Trust: 1.0

vendor:fortinetmodel:fortiproxyscope:lteversion:1.2.8

Trust: 1.0

vendor:fortinetmodel:fortiosscope:lteversion:6.0.4

Trust: 1.0

vendor:fortinetmodel:fortiosscope:gteversion:5.6.0

Trust: 1.0

vendor:fortinetmodel:fortiproxyscope:eqversion:2.0.0

Trust: 1.0

vendor:fortinetmodel:fortiosscope:lteversion:5.4.12

Trust: 1.0

vendor:fortinetmodel:fortiosscope:lteversion:5.2.14

Trust: 1.0

vendor:fortinetmodel:fortiosscope:gteversion:6.0.0

Trust: 1.0

vendor:fortinetmodel:fortiosscope:gteversion:5.4.0

Trust: 1.0

vendor:fortinetmodel:fortiosscope:lteversion:5.4

Trust: 0.8

vendor:fortinetmodel:fortiosscope:eqversion:5.6.0 to 5.6.7

Trust: 0.8

vendor:fortinetmodel:fortiosscope:eqversion:6.0.0 to 6.0.4

Trust: 0.8

vendor:fortinetmodel:fortiosscope:gteversion:6.0.0,<=6.0.4

Trust: 0.6

vendor:fortinetmodel:fortiosscope:gteversion:5.6.0,<=5.6.7

Trust: 0.6

vendor:fortinetmodel:fortiosscope:lteversion:<=5.4

Trust: 0.6

vendor:fortinetmodel:fortiosscope:eqversion:6.0.4

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:6.0.3

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:6.0.2

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:6.0.1

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:6.0

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:5.6.7

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:5.6.6

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:5.6.5

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:5.6.4

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:5.6.3

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:5.6.2

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:5.6

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:5.2.12

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:5.2.11

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:5.2.8

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:5.2.6

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:5.2.5

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:5.2.4

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:5.2.3

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:5.2.2

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:5.2.1

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:5.0.13

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:5.0.9

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:5.0.8

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:5.0.7

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:5.0.3

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:5.0.2

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:5.0.1

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:4.7.7

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:4.3.19

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:4.3.17

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:4.3.15

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:4.3.10

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:4.3.9

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:4.3.8

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:4.3

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:4.2.13

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:4.2.12

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:4.1.11

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:4.1.10

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:3.0

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:2.80

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:2.50

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:2.36

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:5.6.1

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:5.4.0

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:5.2.9

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:5.2.10

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:5.2.0

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:5.2

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:5.0.6

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:5.0.5

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:5.0.4

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:5.0.12

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:5.0.11

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:5.0.0

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:5.0

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:4.3.18

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:4.3.16

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:4.3.14

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:4.3.13

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:4.3.12

Trust: 0.3

vendor:fortinetmodel:fortiosscope:neversion:6.0.5

Trust: 0.3

vendor:fortinetmodel:fortiosscope:neversion:5.6.8

Trust: 0.3

sources: CNVD: CNVD-2019-25051 // BID: 108440 // JVNDB: JVNDB-2018-015567 // NVD: CVE-2018-13381

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-13381
value: HIGH

Trust: 1.0

psirt@fortinet.com: CVE-2018-13381
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-13381
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-25051
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201905-878
value: HIGH

Trust: 0.6

VULHUB: VHN-123435
value: MEDIUM

Trust: 0.1

VULMON: CVE-2018-13381
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-13381
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2019-25051
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-123435
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-13381
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

psirt@fortinet.com: CVE-2018-13381
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2018-13381
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2019-25051 // VULHUB: VHN-123435 // VULMON: CVE-2018-13381 // JVNDB: JVNDB-2018-015567 // CNNVD: CNNVD-201905-878 // NVD: CVE-2018-13381 // NVD: CVE-2018-13381

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-123435 // JVNDB: JVNDB-2018-015567 // NVD: CVE-2018-13381

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201905-878

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201905-878

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-015567

PATCH
title:FG-IR-18-387url:https://fortiguard.com/psirt/FG-IR-18-387
Trust: 0.8
title:FortinetFortiOS Buffer Overflow Vulnerability Patchurl:https://www.cnvd.org.cn/patchInfo/show/172331
Trust: 0.6
title:forti-vpnurl:https://github.com/jam620/forti-vpn 
Trust: 0.1
title:SecBooksurl:https://github.com/SexyBeast233/SecBooks 
Trust: 0.1
title:BleepingComputerurl:https://www.bleepingcomputer.com/news/security/fortinet-fixes-critical-vulnerabilities-in-ssl-vpn-and-web-firewall/
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-25051 // 
            
            
            
            VULMON: CVE-2018-13381 // 
            
            
            
            JVNDB: JVNDB-2018-015567

EXTERNAL IDS
db:NVDid:CVE-2018-13381
Trust: 3.5
db:AUSCERTid:ESB-2019.1822
Trust: 1.2
db:BIDid:108440
Trust: 1.1
db:JVNDBid:JVNDB-2018-015567
Trust: 0.8
db:CNNVDid:CNNVD-201905-878
Trust: 0.7
db:CNVDid:CNVD-2019-25051
Trust: 0.6
db:VULHUBid:VHN-123435
Trust: 0.1
db:VULMONid:CVE-2018-13381
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-25051 // 
            
            
            
            VULHUB: VHN-123435 // 
            
            
            
            VULMON: CVE-2018-13381 // 
            
            
            
            BID: 108440 // 
            
            
            
            JVNDB: JVNDB-2018-015567 // 
            
            
            
            CNNVD: CNNVD-201905-878 // 
            
            
            
            NVD: CVE-2018-13381

REFERENCES
url:https://www.securityfocus.com/bid/108440
Trust: 2.5
url:https://fortiguard.com/advisory/fg-ir-18-387
Trust: 1.8
url:https://fortiguard.com/advisory/fg-ir-20-232
Trust: 1.8
url:https://fortiguard.com/psirt/fg-ir-18-387
Trust: 1.5
url:https://nvd.nist.gov/vuln/detail/cve-2018-13381
Trust: 1.4
url:https://www.auscert.org.au/bulletins/esb-2019.1822/
Trust: 1.2
url:https://www.fortinet.com/products/fortigate/fortios.html
Trust: 0.9
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-13381
Trust: 0.8
url:http://www.fortinet.com/technology/network-os-fortios.html
Trust: 0.6
url:https://devco.re/blog/2019/08/09/attacking-ssl-vpn-part-2-breaking-the-fortigate-ssl-vpn/
Trust: 0.6
url:https://vigilance.fr/vulnerability/fortios-buffer-overflow-via-web-portal-post-message-29467
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/119.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-25051 // 
            
            
            
            VULHUB: VHN-123435 // 
            
            
            
            VULMON: CVE-2018-13381 // 
            
            
            
            BID: 108440 // 
            
            
            
            JVNDB: JVNDB-2018-015567 // 
            
            
            
            CNNVD: CNNVD-201905-878 // 
            
            
            
            NVD: CVE-2018-13381

CREDITS
Meh Chang and Orange Tsai from DEVCORE Security Research Team
Trust: 0.9
sources:
            
            
            BID: 108440 // 
            
            
            
            CNNVD: CNNVD-201905-878

SOURCES
db:CNVDid:CNVD-2019-25051
db:VULHUBid:VHN-123435
db:VULMONid:CVE-2018-13381
db:BIDid:108440
db:JVNDBid:JVNDB-2018-015567
db:CNNVDid:CNNVD-201905-878
db:NVDid:CVE-2018-13381

LAST UPDATE DATE
2024-08-14T14:56:49.993000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-25051date:2019-07-30T00:00:00
db:VULHUBid:VHN-123435date:2019-08-29T00:00:00
db:VULMONid:CVE-2018-13381date:2021-03-16T00:00:00
db:BIDid:108440date:2019-05-17T00:00:00
db:JVNDBid:JVNDB-2018-015567date:2019-06-17T00:00:00
db:CNNVDid:CNNVD-201905-878date:2021-03-10T00:00:00
db:NVDid:CVE-2018-13381date:2021-03-16T02:41:08.027

SOURCES RELEASE DATE
db:CNVDid:CNVD-2019-25051date:2019-07-30T00:00:00
db:VULHUBid:VHN-123435date:2019-06-04T00:00:00
db:VULMONid:CVE-2018-13381date:2019-06-04T00:00:00
db:BIDid:108440date:2019-05-17T00:00:00
db:JVNDBid:JVNDB-2018-015567date:2019-06-17T00:00:00
db:CNNVDid:CNNVD-201905-878date:2019-05-22T00:00:00
db:NVDid:CVE-2018-13381date:2019-06-04T21:29:00.313