CVE-2018-13383

moderate-risk
Published 2019-05-29

A heap buffer overflow in Fortinet FortiOS 6.0.0 through 6.0.4, 5.6.0 through 5.6.10, 5.4.0 through 5.4.12, 5.2.14 and earlier and FortiProxy 2.0.0, 1.2.8 and earlier in the SSL VPN web portal may cause the SSL VPN web service termination for logged in users due to a failure to properly handle javascript href data when proxying webpages.

Do I need to act?

~
1.3% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
!
CISA KEV: actively exploited in the wild
On the Known Exploited Vulnerabilities catalog — federal agencies must patch
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
4
CVSS 4.3/10 Medium
NETWORK / LOW complexity

Affected Products (3)

Affected Vendors

Fortinet

References (5)

Mitigation https://fortiguard.com/advisory/FG-IR-18-388
Vendor Advisory https://fortiguard.com/advisory/FG-IR-20-229
Mitigation https://fortiguard.com/advisory/FG-IR-18-388
Vendor Advisory https://fortiguard.com/advisory/FG-IR-20-229
US Government Resource https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-...
38
/ 100
moderate-risk
Severity 18/34 · Moderate
Exploitability 11/34 · Low
Exposure 9/34 · Low