ID

VAR-202004-1517


CVE

CVE-2018-13371


TITLE

Input verification vulnerability in FortiOS

Trust: 0.8

sources: JVNDB: JVNDB-2018-016248

DESCRIPTION

An external control of system vulnerability in FortiOS may allow an authenticated, regular user to change the routing settings of the device via connecting to the ZebOS component. There is an input verification vulnerability in FortiOS. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform developed by Fortinet. The system provides users with various security functions such as firewall, anti-virus, IPSec/SSLVPN, Web content filtering and anti-spam. Security vulnerabilities exist in Fortinet FortiOS 6.0.2 and prior, 5.6.7 and prior, and 5.4.10 and prior.

Trust: 1.71

sources: NVD: CVE-2018-13371 // JVNDB: JVNDB-2018-016248 // VULHUB: VHN-123424

AFFECTED PRODUCTS

vendor: fortinet, model: fortios, scope: lte, version: 6.0.2

Trust: 1.0

vendor: fortinet, model: fortios, scope: lte, version: 5.4.10

Trust: 1.0

vendor: fortinet, model: fortios, scope: gte, version: 5.6.0

Trust: 1.0

vendor: fortinet, model: fortios, scope: gte, version: 6.0.0

Trust: 1.0

vendor: fortinet, model: fortios, scope: lte, version: 5.6.7

Trust: 1.0

vendor: fortinet, model: fortios, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2018-016248 // NVD: CVE-2018-13371

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-13371
value: HIGH

Trust: 1.0

NVD: JVNDB-2018-016248
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201904-247
value: HIGH

Trust: 0.6

VULHUB: VHN-123424
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-13371
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2018-016248
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-123424
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-13371
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2018-016248
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-123424 // JVNDB: JVNDB-2018-016248 // CNNVD: CNNVD-201904-247 // NVD: CVE-2018-13371

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-123424 // JVNDB: JVNDB-2018-016248 // NVD: CVE-2018-13371

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201904-247

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201904-247

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-016248

PATCH

title: FG-IR-18-230, url: https://fortiguard.com/psirt/FG-IR-18-230

Trust: 0.8

title: Fortinet FortiOS Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=91102

Trust: 0.6

sources: JVNDB: JVNDB-2018-016248 // CNNVD: CNNVD-201904-247

EXTERNAL IDS

db: NVD, id: CVE-2018-13371

Trust: 2.5

db: JVNDB, id: JVNDB-2018-016248

Trust: 0.8

db: CNNVD, id: CNNVD-201904-247

Trust: 0.7

db: AUSCERT, id: ESB-2019.1155

Trust: 0.6

db: CNVD, id: CNVD-2020-23174

Trust: 0.1

db: VULHUB, id: VHN-123424

Trust: 0.1

sources: VULHUB: VHN-123424 // JVNDB: JVNDB-2018-016248 // CNNVD: CNNVD-201904-247 // NVD: CVE-2018-13371

REFERENCES

url:https://fortiguard.com/advisory/fg-ir-18-230

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2018-13371

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-13371

Trust: 0.8

url:https://fortiguard.com/psirt/fg-ir-18-230

Trust: 0.6

url:https://www.auscert.org.au/bulletins/78486

Trust: 0.6

url:https://vigilance.fr/vulnerability/fortios-privilege-escalation-via-zebos-routing-settings-change-28945

Trust: 0.6

sources: VULHUB: VHN-123424 // JVNDB: JVNDB-2018-016248 // CNNVD: CNNVD-201904-247 // NVD: CVE-2018-13371

SOURCES

db: VULHUB, id: VHN-123424
db: JVNDB, id: JVNDB-2018-016248
db: CNNVD, id: CNNVD-201904-247
db: NVD, id: CVE-2018-13371

LAST UPDATE DATE

2024-08-14T15:17:36.630000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-123424, date: 2020-04-03T00:00:00
db: JVNDB, id: JVNDB-2018-016248, date: 2020-04-21T00:00:00
db: CNNVD, id: CNNVD-201904-247, date: 2020-04-07T00:00:00
db: NVD, id: CVE-2018-13371, date: 2020-04-03T18:53:23.173

SOURCES RELEASE DATE

db: VULHUB, id: VHN-123424, date: 2020-04-02T00:00:00
db: JVNDB, id: JVNDB-2018-016248, date: 2020-04-21T00:00:00
db: CNNVD, id: CNNVD-201904-247, date: 2019-04-04T00:00:00
db: NVD, id: CVE-2018-13371, date: 2020-04-02T14:15:14.217