VDB

CVE-2018-13382

CVE-2018-13382 · PUBLISHED · KEV · CVSS 9.1 · CRITICAL

An Improper Authorization vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.8 and 5.4.1 to 5.4.10 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to modify the password of an SSL VPN web portal user via specially crafted HTTP requests.

EPSS 87.08% · 99.5th percentile

Risk Scores

CVSS v3.1: 9.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)
EPSS Score: 87.08% (99.5th percentile)

Affected Products

Vendor | Product | Versions
fortinet | fortios | 5.4.1, 6.0.0, 5.4.1
Fortinet | Fortinet FortiOS, FortiProxy | FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.8, 5.4.1 to 5.4.10, FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7
fortinet | fortiproxy | 0, 0, 2.0.0
Fortinet, Inc. | FortiOS | 5.4.0 to 5.4.6, 5.0 and below, 5.2.0 to 5.2.12

Exploit Intelligence

…and 75 more exploits

Timeline

  • Jan 19, 1970 VulnCheck XDB Entry
  • Jan 19, 1970 VulnCheck XDB Entry
  • Jan 21, 1970 VulnCheck XDB Entry
  • Jun 4, 2019 CVE Published
  • Aug 14, 2019 PoC Published
  • Oct 2, 2019 VulnCheck KEV Exploitation
  • Nov 19, 2020 PoC Published
  • Apr 14, 2021 EPSS Score
  • Aug 12, 2021 VulnCheck KEV Exploitation
  • Jan 10, 2022 CISA KEV Added
  • Feb 4, 2022 EPSS Score
  • Jun 13, 2022 PoC Published