Details of VAR-201906-0819

ID

VAR-201906-0819

CVE

CVE-2018-13384

TITLE

Fortinet FortiOS Open redirect vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-015562

DESCRIPTION

A Host Header Redirection vulnerability in Fortinet FortiOS all versions below 6.0.5 under SSL VPN web portal allows a remote attacker to potentially poison HTTP cache and subsequently redirect SSL VPN web portal users to arbitrary web domains. Fortinet FortiOS Contains an open redirect vulnerability.Information may be obtained and information may be altered. Fortinet FortiOS is prone to a host header-injection vulnerability because it fails to properly validate an HTTP request header. A successful attack may allow attackers to insert a crafted host header to navigate the victim to the attacker's domain. Versions prior to FortiOS 6.0.5 are vulnerable. Fortinet FortiOS is a set of security operating system dedicated to the FortiGate network security platform developed by Fortinet. The system provides users with various security functions such as firewall, anti-virus, IPSec/SSLVPN, Web content filtering and anti-spam. Attackers can exploit this vulnerability by sending specially crafted HTTP requests to redirect users to their specified websites

Trust: 1.98

sources: NVD: CVE-2018-13384 // JVNDB: JVNDB-2018-015562 // BID: 108454 // VULHUB: VHN-123438

AFFECTED PRODUCTS

vendor:	fortinet	model:	fortios	scope:	lt	version:	6.0.5	Trust: 1.8
vendor:	fortinet	model:	fortios	scope:	eq	version:	6.0.4	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	6.0.3	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	6.0.2	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	6.0.1	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	6.0	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.6.8	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.6.7	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.6.6	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.6.5	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.6.4	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.6.3	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.6.2	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.6	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.4.10	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.4.9	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.4.8	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.4.7	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.4.6	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.4.5	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.4.4	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.4.3	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.4.2	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.4.1	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.2.12	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.2.11	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.2.8	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.2.6	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.2.5	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.2.4	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.2.3	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.2.2	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.2.1	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.0.13	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.0.9	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.0.8	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.0.7	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.0.3	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.0.2	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	4.7.7	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	4.3.19	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	4.3.17	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	4.3.15	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	4.3.10	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	4.3.9	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	4.3.8	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	4.3	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	4.2.13	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	4.2.12	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	4.1.11	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	4.1.10	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	3.0	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	2.80	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	2.50	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	2.36	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.6.1	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.4.0	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.4	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.2.9	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.2.10	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.2.0	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.2	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.0.6	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.0.5	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.0.4	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.0.12	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.0.11	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.0.0	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.0	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	4.3.18	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	4.3.16	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	4.3.14	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	4.3.13	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	4.3.12	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	ne	version:	6.2	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	ne	version:	6.0.5	Trust: 0.3

sources: BID: 108454 // JVNDB: JVNDB-2018-015562 // NVD: CVE-2018-13384

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-13384
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2018-13384
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201905-879
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-123438
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-13384
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-123438
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-13384
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	2.7
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-123438 // JVNDB: JVNDB-2018-015562 // CNNVD: CNNVD-201905-879 // NVD: CVE-2018-13384

PROBLEMTYPE DATA

problemtype:

CWE-601

Trust: 1.9

sources: VULHUB: VHN-123438 // JVNDB: JVNDB-2018-015562 // NVD: CVE-2018-13384

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201905-879

TYPE

Input Validation Error

Trust: 0.9

sources: BID: 108454 // CNNVD: CNNVD-201905-879

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-015562

PATCH

title:

FG-IR-19-002

url:

https://fortiguard.com/advisory/FG-IR-19-002

Trust: 0.8

sources: JVNDB: JVNDB-2018-015562

EXTERNAL IDS

db:	NVD	id:	CVE-2018-13384	Trust: 2.8
db:	JVNDB	id:	JVNDB-2018-015562	Trust: 0.8
db:	CNNVD	id:	CNNVD-201905-879	Trust: 0.7
db:	AUSCERT	id:	ESB-2019.1823	Trust: 0.6
db:	BID	id:	108454	Trust: 0.3
db:	VULHUB	id:	VHN-123438	Trust: 0.1

sources: VULHUB: VHN-123438 // BID: 108454 // JVNDB: JVNDB-2018-015562 // CNNVD: CNNVD-201905-879 // NVD: CVE-2018-13384

REFERENCES

url:	https://fortiguard.com/advisory/fg-ir-19-002	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2018-13384	Trust: 1.4
url:	https://fortiguard.com/psirt/fg-ir-19-002	Trust: 0.9
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-13384	Trust: 0.8
url:	https://vigilance.fr/vulnerability/fortinet-fortios-open-redirect-via-the-vpn-portal-29386	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.1823/	Trust: 0.6
url:	https://www.fortinet.com/	Trust: 0.3

sources: VULHUB: VHN-123438 // BID: 108454 // JVNDB: JVNDB-2018-015562 // CNNVD: CNNVD-201905-879 // NVD: CVE-2018-13384

CREDITS

Julio Sanchez.

Trust: 0.3

sources: BID: 108454

SOURCES

db:	VULHUB	id:	VHN-123438
db:	BID	id:	108454
db:	JVNDB	id:	JVNDB-2018-015562
db:	CNNVD	id:	CNNVD-201905-879
db:	NVD	id:	CVE-2018-13384

LAST UPDATE DATE

2024-08-14T15:28:35.432000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-123438	date:	2019-06-05T00:00:00
db:	BID	id:	108454	date:	2018-05-17T00:00:00
db:	JVNDB	id:	JVNDB-2018-015562	date:	2019-06-17T00:00:00
db:	CNNVD	id:	CNNVD-201905-879	date:	2019-06-06T00:00:00
db:	NVD	id:	CVE-2018-13384	date:	2019-06-05T14:26:09.117

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-123438	date:	2019-06-04T00:00:00
db:	BID	id:	108454	date:	2018-05-17T00:00:00
db:	JVNDB	id:	JVNDB-2018-015562	date:	2019-06-17T00:00:00
db:	CNNVD	id:	CNNVD-201905-879	date:	2019-05-22T00:00:00
db:	NVD	id:	CVE-2018-13384	date:	2019-06-04T21:29:00.407