ID

VAR-201906-0817


CVE

CVE-2018-13381


TITLE

Fortinet FortiOS Buffer error vulnerability

Trust: 1.4

sources: JVNDB: JVNDB-2018-015567 // CNNVD: CNNVD-201905-878

DESCRIPTION

A buffer overflow vulnerability in the SSL VPN web portal of Fortinet FortiOS 6.0.0 through 6.0.4, 5.6.0 through 5.6.7, 5.4 and earlier versions, and FortiProxy 2.0.0, 1.2.8 and earlier versions, allows an unauthenticated attacker to perform a denial-of-service attack via specially crafted message payloads. Fortinet FortiOS contains a buffer error vulnerability that may result in a denial-of-service (DoS) condition.

Fortinet FortiOS is the Fortinet security operating system dedicated to the FortiGate network security platform. The system provides users with multiple security features such as firewall, anti-virus, IPSec/SSL VPN, web content filtering and anti-spam. A buffer overflow vulnerability exists in Fortinet FortiOS versions 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, and 5.4 and earlier. The vulnerability stems from a network system or product that does not properly validate data boundaries when performing operations on memory, causing erroneous read and write operations to be performed on other associated memory locations. An attacker could exploit the vulnerability to cause a buffer overflow or heap overflow.

Fortinet FortiOS is prone to a buffer-overflow vulnerability. Attackers can exploit this issue to cause denial-of-service conditions. The following versions are vulnerable: FortiOS 6.0.0 through 6.0.4; FortiOS 5.6.0 through 5.6.7; FortiOS 5.4 and prior.

Trust: 2.61

sources: NVD: CVE-2018-13381 // JVNDB: JVNDB-2018-015567 // CNVD: CNVD-2019-25051 // BID: 108440 // VULHUB: VHN-123435 // VULMON: CVE-2018-13381

AFFECTED PRODUCTS

vendor: fortinet | model: fortios | scope: lte | version: 5.6.10

Trust: 1.0

vendor: fortinet | model: fortiproxy | scope: lte | version: 1.2.8

Trust: 1.0

vendor: fortinet | model: fortios | scope: lte | version: 6.0.4

Trust: 1.0

vendor: fortinet | model: fortios | scope: gte | version: 5.6.0

Trust: 1.0

vendor: fortinet | model: fortiproxy | scope: eq | version: 2.0.0

Trust: 1.0

vendor: fortinet | model: fortios | scope: lte | version: 5.4.12

Trust: 1.0

vendor: fortinet | model: fortios | scope: lte | version: 5.2.14

Trust: 1.0

vendor: fortinet | model: fortios | scope: gte | version: 6.0.0

Trust: 1.0

vendor: fortinet | model: fortios | scope: gte | version: 5.4.0

Trust: 1.0

vendor: fortinet | model: fortios | scope: lte | version: 5.4

Trust: 0.8

vendor: fortinet | model: fortios | scope: eq | version: 5.6.0 to 5.6.7

Trust: 0.8

vendor: fortinet | model: fortios | scope: eq | version: 6.0.0 to 6.0.4

Trust: 0.8

vendor: fortinet | model: fortios | scope: gte | version: 6.0.0,<=6.0.4

Trust: 0.6

vendor: fortinet | model: fortios | scope: gte | version: 5.6.0,<=5.6.7

Trust: 0.6

vendor: fortinet | model: fortios | scope: lte | version: <=5.4

Trust: 0.6

vendor: fortinet | model: fortios | scope: eq | version: 6.0.4

Trust: 0.3

vendor: fortinet | model: fortios | scope: eq | version: 6.0.3

Trust: 0.3

vendor: fortinet | model: fortios | scope: eq | version: 6.0.2

Trust: 0.3

vendor: fortinet | model: fortios | scope: eq | version: 6.0.1

Trust: 0.3

vendor: fortinet | model: fortios | scope: eq | version: 6.0

Trust: 0.3

vendor: fortinet | model: fortios | scope: eq | version: 5.6.7

Trust: 0.3

vendor: fortinet | model: fortios | scope: eq | version: 5.6.6

Trust: 0.3

vendor: fortinet | model: fortios | scope: eq | version: 5.6.5

Trust: 0.3

vendor: fortinet | model: fortios | scope: eq | version: 5.6.4

Trust: 0.3

vendor: fortinet | model: fortios | scope: eq | version: 5.6.3

Trust: 0.3

vendor: fortinet | model: fortios | scope: eq | version: 5.6.2

Trust: 0.3

vendor: fortinet | model: fortios | scope: eq | version: 5.6

Trust: 0.3

vendor: fortinet | model: fortios | scope: eq | version: 5.2.12

Trust: 0.3

vendor: fortinet | model: fortios | scope: eq | version: 5.2.11

Trust: 0.3

vendor: fortinet | model: fortios | scope: eq | version: 5.2.8

Trust: 0.3

vendor: fortinet | model: fortios | scope: eq | version: 5.2.6

Trust: 0.3

vendor: fortinet | model: fortios | scope: eq | version: 5.2.5

Trust: 0.3

vendor: fortinet | model: fortios | scope: eq | version: 5.2.4

Trust: 0.3

vendor: fortinet | model: fortios | scope: eq | version: 5.2.3

Trust: 0.3

vendor: fortinet | model: fortios | scope: eq | version: 5.2.2

Trust: 0.3

vendor: fortinet | model: fortios | scope: eq | version: 5.2.1

Trust: 0.3

vendor: fortinet | model: fortios | scope: eq | version: 5.0.13

Trust: 0.3

vendor: fortinet | model: fortios | scope: eq | version: 5.0.9

Trust: 0.3

vendor: fortinet | model: fortios | scope: eq | version: 5.0.8

Trust: 0.3

vendor: fortinet | model: fortios | scope: eq | version: 5.0.7

Trust: 0.3

vendor: fortinet | model: fortios | scope: eq | version: 5.0.3

Trust: 0.3

vendor: fortinet | model: fortios | scope: eq | version: 5.0.2

Trust: 0.3

vendor: fortinet | model: fortios | scope: eq | version: 5.0.1

Trust: 0.3

vendor: fortinet | model: fortios | scope: eq | version: 4.7.7

Trust: 0.3

vendor: fortinet | model: fortios | scope: eq | version: 4.3.19

Trust: 0.3

vendor: fortinet | model: fortios | scope: eq | version: 4.3.17

Trust: 0.3

vendor: fortinet | model: fortios | scope: eq | version: 4.3.15

Trust: 0.3

vendor: fortinet | model: fortios | scope: eq | version: 4.3.10

Trust: 0.3

vendor: fortinet | model: fortios | scope: eq | version: 4.3.9

Trust: 0.3

vendor: fortinet | model: fortios | scope: eq | version: 4.3.8

Trust: 0.3

vendor: fortinet | model: fortios | scope: eq | version: 4.3

Trust: 0.3

vendor: fortinet | model: fortios | scope: eq | version: 4.2.13

Trust: 0.3

vendor: fortinet | model: fortios | scope: eq | version: 4.2.12

Trust: 0.3

vendor: fortinet | model: fortios | scope: eq | version: 4.1.11

Trust: 0.3

vendor: fortinet | model: fortios | scope: eq | version: 4.1.10

Trust: 0.3

vendor: fortinet | model: fortios | scope: eq | version: 3.0

Trust: 0.3

vendor: fortinet | model: fortios | scope: eq | version: 2.80

Trust: 0.3

vendor: fortinet | model: fortios | scope: eq | version: 2.50

Trust: 0.3

vendor: fortinet | model: fortios | scope: eq | version: 2.36

Trust: 0.3

vendor: fortinet | model: fortios | scope: eq | version: 5.6.1

Trust: 0.3

vendor: fortinet | model: fortios | scope: eq | version: 5.4.0

Trust: 0.3

vendor: fortinet | model: fortios | scope: eq | version: 5.2.9

Trust: 0.3

vendor: fortinet | model: fortios | scope: eq | version: 5.2.10

Trust: 0.3

vendor: fortinet | model: fortios | scope: eq | version: 5.2.0

Trust: 0.3

vendor: fortinet | model: fortios | scope: eq | version: 5.2

Trust: 0.3

vendor: fortinet | model: fortios | scope: eq | version: 5.0.6

Trust: 0.3

vendor: fortinet | model: fortios | scope: eq | version: 5.0.5

Trust: 0.3

vendor: fortinet | model: fortios | scope: eq | version: 5.0.4

Trust: 0.3

vendor: fortinet | model: fortios | scope: eq | version: 5.0.12

Trust: 0.3

vendor: fortinet | model: fortios | scope: eq | version: 5.0.11

Trust: 0.3

vendor: fortinet | model: fortios | scope: eq | version: 5.0.0

Trust: 0.3

vendor: fortinet | model: fortios | scope: eq | version: 5.0

Trust: 0.3

vendor: fortinet | model: fortios | scope: eq | version: 4.3.18

Trust: 0.3

vendor: fortinet | model: fortios | scope: eq | version: 4.3.16

Trust: 0.3

vendor: fortinet | model: fortios | scope: eq | version: 4.3.14

Trust: 0.3

vendor: fortinet | model: fortios | scope: eq | version: 4.3.13

Trust: 0.3

vendor: fortinet | model: fortios | scope: eq | version: 4.3.12

Trust: 0.3

vendor: fortinet | model: fortios | scope: ne | version: 6.0.5

Trust: 0.3

vendor: fortinet | model: fortios | scope: ne | version: 5.6.8

Trust: 0.3

sources: CNVD: CNVD-2019-25051 // BID: 108440 // JVNDB: JVNDB-2018-015567 // NVD: CVE-2018-13381

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-13381
value: HIGH

Trust: 1.0

psirt@fortinet.com: CVE-2018-13381
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-13381
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-25051
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201905-878
value: HIGH

Trust: 0.6

VULHUB: VHN-123435
value: MEDIUM

Trust: 0.1

VULMON: CVE-2018-13381
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-13381
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2019-25051
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-123435
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-13381
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

psirt@fortinet.com: CVE-2018-13381
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2018-13381
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2019-25051 // VULHUB: VHN-123435 // VULMON: CVE-2018-13381 // JVNDB: JVNDB-2018-015567 // CNNVD: CNNVD-201905-878 // NVD: CVE-2018-13381 // NVD: CVE-2018-13381

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-123435 // JVNDB: JVNDB-2018-015567 // NVD: CVE-2018-13381

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201905-878

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201905-878

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-015567

PATCH

title: FG-IR-18-387 | url: https://fortiguard.com/psirt/FG-IR-18-387

Trust: 0.8

title: Fortinet FortiOS Buffer Overflow Vulnerability Patch | url: https://www.cnvd.org.cn/patchInfo/show/172331

Trust: 0.6

title: forti-vpn | url: https://github.com/jam620/forti-vpn

Trust: 0.1

title: SecBooks | url: https://github.com/SexyBeast233/SecBooks

Trust: 0.1

title: BleepingComputer | url: https://www.bleepingcomputer.com/news/security/fortinet-fixes-critical-vulnerabilities-in-ssl-vpn-and-web-firewall/

Trust: 0.1

sources: CNVD: CNVD-2019-25051 // VULMON: CVE-2018-13381 // JVNDB: JVNDB-2018-015567

EXTERNAL IDS

db: NVD | id: CVE-2018-13381

Trust: 3.5

db: AUSCERT | id: ESB-2019.1822

Trust: 1.2

db: BID | id: 108440

Trust: 1.1

db: JVNDB | id: JVNDB-2018-015567

Trust: 0.8

db: CNNVD | id: CNNVD-201905-878

Trust: 0.7

db: CNVD | id: CNVD-2019-25051

Trust: 0.6

db: VULHUB | id: VHN-123435

Trust: 0.1

db: VULMON | id: CVE-2018-13381

Trust: 0.1

sources: CNVD: CNVD-2019-25051 // VULHUB: VHN-123435 // VULMON: CVE-2018-13381 // BID: 108440 // JVNDB: JVNDB-2018-015567 // CNNVD: CNNVD-201905-878 // NVD: CVE-2018-13381

REFERENCES

url:https://www.securityfocus.com/bid/108440

Trust: 2.5

url:https://fortiguard.com/advisory/fg-ir-18-387

Trust: 1.8

url:https://fortiguard.com/advisory/fg-ir-20-232

Trust: 1.8

url:https://fortiguard.com/psirt/fg-ir-18-387

Trust: 1.5

url:https://nvd.nist.gov/vuln/detail/cve-2018-13381

Trust: 1.4

url:https://www.auscert.org.au/bulletins/esb-2019.1822/

Trust: 1.2

url:https://www.fortinet.com/products/fortigate/fortios.html

Trust: 0.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-13381

Trust: 0.8

url:http://www.fortinet.com/technology/network-os-fortios.html

Trust: 0.6

url:https://devco.re/blog/2019/08/09/attacking-ssl-vpn-part-2-breaking-the-fortigate-ssl-vpn/

Trust: 0.6

url:https://vigilance.fr/vulnerability/fortios-buffer-overflow-via-web-portal-post-message-29467

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/119.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2019-25051 // VULHUB: VHN-123435 // VULMON: CVE-2018-13381 // BID: 108440 // JVNDB: JVNDB-2018-015567 // CNNVD: CNNVD-201905-878 // NVD: CVE-2018-13381

CREDITS

Meh Chang and Orange Tsai from DEVCORE Security Research Team

Trust: 0.9

sources: BID: 108440 // CNNVD: CNNVD-201905-878

SOURCES

db: CNVD | id: CNVD-2019-25051
db: VULHUB | id: VHN-123435
db: VULMON | id: CVE-2018-13381
db: BID | id: 108440
db: JVNDB | id: JVNDB-2018-015567
db: CNNVD | id: CNNVD-201905-878
db: NVD | id: CVE-2018-13381

LAST UPDATE DATE

2024-08-14T14:56:49.993000+00:00


SOURCES UPDATE DATE

db: CNVD | id: CNVD-2019-25051 | date: 2019-07-30T00:00:00
db: VULHUB | id: VHN-123435 | date: 2019-08-29T00:00:00
db: VULMON | id: CVE-2018-13381 | date: 2021-03-16T00:00:00
db: BID | id: 108440 | date: 2019-05-17T00:00:00
db: JVNDB | id: JVNDB-2018-015567 | date: 2019-06-17T00:00:00
db: CNNVD | id: CNNVD-201905-878 | date: 2021-03-10T00:00:00
db: NVD | id: CVE-2018-13381 | date: 2021-03-16T02:41:08.027

SOURCES RELEASE DATE

db: CNVD | id: CNVD-2019-25051 | date: 2019-07-30T00:00:00
db: VULHUB | id: VHN-123435 | date: 2019-06-04T00:00:00
db: VULMON | id: CVE-2018-13381 | date: 2019-06-04T00:00:00
db: BID | id: 108440 | date: 2019-05-17T00:00:00
db: JVNDB | id: JVNDB-2018-015567 | date: 2019-06-17T00:00:00
db: CNNVD | id: CNNVD-201905-878 | date: 2019-05-22T00:00:00
db: NVD | id: CVE-2018-13381 | date: 2019-06-04T21:29:00.313