CVE-2018-13382

high

Description

An Improper Authorization vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.8 and 5.4.1 to 5.4.10 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to modify the password of an SSL VPN web portal user via specially crafted HTTP requests

References

Tenable Blogs
More

https://www.tenable.com/blog/hold-the-door-why-organizations-need-to-prioritize-patching-ssl-vpns

https://www.tenable.com/blog/cve-2018-13379-cve-2019-11510-fortigate-and-pulse-connect-secure-vulnerabilities-exploited-in

https://www.fortiguard.com/psirt/FG-IR-20-231

https://fortiguard.com/advisory/FG-IR-18-389

Details

Source: Mitre, NVD

Published: 2019-06-04

Updated: 2025-01-27

Known Exploited Vulnerability (KEV)

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Severity: High

EPSS

EPSS: 0.8646