CVE-2021-24012
PUBLISHED
CVSS 9.1 CRITICAL
An Improper Authorization vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.8 and 5.4.1 to 5.4.10 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to modify the password of an SSL VPN web portal user via specially crafted HTTP requests.
EPSS 0.21% · 43.1th percentile
Risk Scores
CVSS 3.1
9.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS Score
0.21%
43.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fortinet | Fortinet FortiOS, FortiProxy | FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.8, 5.4.1 to 5.4.10, FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 |
Exploit Intelligence
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-13382 (circl)
- https://fortiguard.com/advisory/FG-IR-18-389 (circl)
- https://www.fortiguard.com/psirt/FG-IR-20-231 (circl)
- CIRCL exploited: CVE-2018-13382 (circl-sighting)
- CIRCL seen: CVE-2018-13382 (circl-sighting)
Timeline
- Jun 2, 2021 CVE Published
- Jun 3, 2021 EPSS Score
- Aug 5, 2021 EPSS Score
- Oct 5, 2021 EPSS Score
- Dec 5, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Apr 6, 2022 EPSS Score
- Jun 6, 2022 EPSS Score
- Jun 13, 2022 PoC Published
- Aug 7, 2022 EPSS Score
- Oct 7, 2022 EPSS Score
References
- https://www.fortiguard.com/psirt/FG-IR-21-002 advisory
- https://www.fortiguard.com/psirt/FG-IR-20-049 advisory
- https://www.fortiguard.com/psirt/FG-IR-20-231 advisory
- https://www.fortiguard.com/psirt/FG-IR-21-006 advisory
- https://www.fortiguard.com/psirt/FG-IR-18-157 advisory
- https://www.fortiguard.com/psirt/FG-IR-21-001 advisory
- https://www.fortiguard.com/psirt/FG-IR-20-233 advisory
- https://www.fortiguard.com/psirt/FG-IR-20-147 advisory
- https://www.fortiguard.com/psirt/FG-IR-21-018 advisory
- https://www.fortiguard.com/psirt/FG-IR-20-137 advisory
- https://www.fortiguard.com/psirt/FG-IR-20-120 advisory
- https://www.fortiguard.com/psirt/FG-IR-20-199 advisory
- https://www.fortiguard.com/psirt/FG-IR-21-026 advisory
- https://fortiguard.com/advisory/FG-IR-18-389 url
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-13382 url