CVE-2018-13382

MEDIUM

Description

An Improper Authorization vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.8 and 5.4.1 to 5.4.10 under SSL VPN web portal allows an unauthenticated attacker to modify the password of an SSL VPN web portal user via specially crafted HTTP requests.

References

http://www.securityfocus.com/bid/108697

https://devco.re/blog/2019/08/09/attacking-ssl-vpn-part-2-breaking-the-Fortigate-ssl-vpn/

https://fortiguard.com/advisory/FG-IR-18-389

https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf

Details

Source: MITRE

Published: 2019-06-04

Updated: 2019-06-11

Type: CWE-285

Risk Information

CVSS v2.0

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

CVSS v3.0

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Impact Score: 3.6

Exploitability Score: 3.9

Severity: HIGH

Tenable Plugins

View all (2 total)

ID	Name	Product	Family	Severity
125894	Fortinet FortiOS (Mac OS X) 5.4.1 < 5.4.11 / 5.6.x < 5.6.9 / 6.0.x < 6.0.5 SSL VPN Security Bypass (FG-IR-18-389)	Nessus	MacOS X Local Security Checks	medium
125888	Fortinet FortiOS 5.4.1 < 5.4.11 / 5.6.x < 5.6.9 / 6.0.x < 6.0.5 SSL VPN Security Bypass (FG-IR-18-389)	Nessus	Firewalls	medium