Details of VAR-202004-1517

ID

VAR-202004-1517

CVE

CVE-2018-13371

TITLE

FortiOS Input verification vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2018-016248

DESCRIPTION

An external control of system vulnerability in FortiOS may allow an authenticated, regular user to change the routing settings of the device via connecting to the ZebOS component. FortiOS There is an input verification vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Fortinet FortiOS is a set of security operating system dedicated to the FortiGate network security platform developed by Fortinet. The system provides users with various security functions such as firewall, anti-virus, IPSec/SSLVPN, Web content filtering and anti-spam. Security vulnerabilities exist in Fortinet FortiOS 6.0.2 and prior, 5.6.7 and prior, and 5.4.10 and prior

Trust: 1.71

sources: NVD: CVE-2018-13371 // JVNDB: JVNDB-2018-016248 // VULHUB: VHN-123424

AFFECTED PRODUCTS

vendor:	fortinet	model:	fortios	scope:	lte	version:	6.0.2	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	lte	version:	5.4.10	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	gte	version:	5.6.0	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	gte	version:	6.0.0	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	lte	version:	5.6.7	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2018-016248 // NVD: CVE-2018-13371

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-13371
value:	HIGH
Trust: 1.0
NVD:	JVNDB-2018-016248
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201904-247
value:	HIGH
Trust: 0.6
VULHUB:	VHN-123424
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-13371
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2018-016248
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-123424
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-13371
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	JVNDB-2018-016248
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-123424 // JVNDB: JVNDB-2018-016248 // CNNVD: CNNVD-201904-247 // NVD: CVE-2018-13371

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-123424 // JVNDB: JVNDB-2018-016248 // NVD: CVE-2018-13371

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201904-247

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201904-247

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-016248

PATCH

title:	FG-IR-18-230	url:	https://fortiguard.com/psirt/FG-IR-18-230	Trust: 0.8
title:	Fortinet FortiOS Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=91102	Trust: 0.6

sources: JVNDB: JVNDB-2018-016248 // CNNVD: CNNVD-201904-247

EXTERNAL IDS

db:	NVD	id:	CVE-2018-13371	Trust: 2.5
db:	JVNDB	id:	JVNDB-2018-016248	Trust: 0.8
db:	CNNVD	id:	CNNVD-201904-247	Trust: 0.7
db:	AUSCERT	id:	ESB-2019.1155	Trust: 0.6
db:	CNVD	id:	CNVD-2020-23174	Trust: 0.1
db:	VULHUB	id:	VHN-123424	Trust: 0.1

sources: VULHUB: VHN-123424 // JVNDB: JVNDB-2018-016248 // CNNVD: CNNVD-201904-247 // NVD: CVE-2018-13371

REFERENCES

url:	https://fortiguard.com/advisory/fg-ir-18-230	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2018-13371	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-13371	Trust: 0.8
url:	https://fortiguard.com/psirt/fg-ir-18-230	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/78486	Trust: 0.6
url:	https://vigilance.fr/vulnerability/fortios-privilege-escalation-via-zebos-routing-settings-change-28945	Trust: 0.6

sources: VULHUB: VHN-123424 // JVNDB: JVNDB-2018-016248 // CNNVD: CNNVD-201904-247 // NVD: CVE-2018-13371

SOURCES

db:	VULHUB	id:	VHN-123424
db:	JVNDB	id:	JVNDB-2018-016248
db:	CNNVD	id:	CNNVD-201904-247
db:	NVD	id:	CVE-2018-13371

LAST UPDATE DATE

2024-08-14T15:17:36.630000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-123424	date:	2020-04-03T00:00:00
db:	JVNDB	id:	JVNDB-2018-016248	date:	2020-04-21T00:00:00
db:	CNNVD	id:	CNNVD-201904-247	date:	2020-04-07T00:00:00
db:	NVD	id:	CVE-2018-13371	date:	2020-04-03T18:53:23.173

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-123424	date:	2020-04-02T00:00:00
db:	JVNDB	id:	JVNDB-2018-016248	date:	2020-04-21T00:00:00
db:	CNNVD	id:	CNNVD-201904-247	date:	2019-04-04T00:00:00
db:	NVD	id:	CVE-2018-13371	date:	2020-04-02T14:15:14.217