Vulnerability Description
An uninitialized memory buffer leak exists in Fortinet FortiOS 5.6.1 to 5.6.3, 5.4.6 to 5.4.7, 5.2 all versions under web proxy's disclaimer response web pages, potentially causing sensitive data to be displayed in the HTTP response.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fortinet | Fortios | <= 5.2.12 |
References
- http://www.securityfocus.com/bid/106036Third Party AdvisoryVDB Entry
- https://fortiguard.com/advisory/FG-IR-18-325Vendor Advisory
- https://herolab.usd.de/wp-content/uploads/sites/4/2018/12/usd20180031.txtExploitThird Party Advisory
- http://www.securityfocus.com/bid/106036Third Party AdvisoryVDB Entry
- https://fortiguard.com/advisory/FG-IR-18-325Vendor Advisory
- https://herolab.usd.de/wp-content/uploads/sites/4/2018/12/usd20180031.txtExploitThird Party Advisory
FAQ
What is CVE-2018-13376?
CVE-2018-13376 is a vulnerability with a CVSS score of 7.5 (HIGH). An uninitialized memory buffer leak exists in Fortinet FortiOS 5.6.1 to 5.6.3, 5.4.6 to 5.4.7, 5.2 all versions under web proxy's disclaimer response web pages, potentially causing sensitive data to b...
How severe is CVE-2018-13376?
CVE-2018-13376 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-13376?
Check the references section above for vendor advisories and patch information. Affected products include: Fortinet Fortios.