Vulnerability Description
A heap buffer overflow in Fortinet FortiOS 6.0.0 through 6.0.4, 5.6.0 through 5.6.10, 5.4.0 through 5.4.12, 5.2.14 and earlier and FortiProxy 2.0.0, 1.2.8 and earlier in the SSL VPN web portal may cause the SSL VPN web service termination for logged in users due to a failure to properly handle javascript href data when proxying webpages.
CVSS Score
4.3 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fortinet | FortiProxy | < 1.2.9 |
| Fortinet | FortiOS | >= 5.2.0, < 5.2.15 |
Related Weaknesses (CWE)
References
- https://fortiguard.com/advisory/FG-IR-18-388 (Mitigation, Vendor Advisory)
- https://fortiguard.com/advisory/FG-IR-20-229 (Vendor Advisory)
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018- (US Government Resource)
FAQ
What is CVE-2018-13383?
CVE-2018-13383 is a vulnerability with a CVSS score of 4.3 (MEDIUM). A heap buffer overflow in Fortinet FortiOS 6.0.0 through 6.0.4, 5.6.0 through 5.6.10, 5.4.0 through 5.4.12, 5.2.14 and earlier and FortiProxy 2.0.0, 1.2.8 and earlier in the SSL VPN web portal may cau...
How severe is CVE-2018-13383?
CVE-2018-13383 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-13383?
Check the references section above for vendor advisories and patch information. Affected products include: Fortinet FortiProxy, Fortinet FortiOS.