CNVD-2019-16485 — Vulnetix

CNVD-2019-16485 PUBLISHED CVSS 9.100000381469727 CRITICAL

Fortinet FortiOS是美国飞塔（Fortinet）公司的一套专用于FortiGate网络安全平台上的安全操作系统。该系统为用户提供防火墙、防病毒、IPSec/SSLVPN、Web内容过滤和反垃圾邮件等多种安全功能。 Fortinet FortiOS 6.0.0版本至6.0.4版本、5.6.0版本至5.6.8版本和5.4.1版本至5.4.10版本中的SSL VPN Web门户存在存在授权问题漏洞。该漏洞源于网络系统或产品中缺少身份验证措施或身份验证强度不足。目前没有详细的漏洞细节提供

Risk Scores

CVSS v3.1

9.100000381469727

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Affected Products

Vendor	Product	Versions
Fortinet	Fortinet FortiOS, FortiProxy	FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.8, 5.4.1 to 5.4.10, FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7

Exploit Intelligence

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-13382 (circl)
https://fortiguard.com/advisory/FG-IR-18-389 (circl)
https://www.fortiguard.com/psirt/FG-IR-20-231 (circl)
CIRCL exploited: CVE-2018-13382 (circl-sighting)
CIRCL seen: CVE-2018-13382 (circl-sighting)
CIRCL seen: CVE-2018-13382 (circl-sighting)
CIRCL seen: CVE-2018-13382 (circl-sighting)
CIRCL seen: CVE-2018-13382 (circl-sighting)

Timeline

Nov 29, 2017 CVE Published
Jun 13, 2022 PoC Published
Jun 14, 2023 PoC Published
Dec 24, 2024 PoC Published
Feb 23, 2025 PoC Published
Feb 2, 2026 PoC Published

References

Open in Interactive Console →