GSD-2018-13382 — Vulnetix

GSD-2018-13382 PUBLISHED CVSS 9.100000381469727 CRITICAL

An Improper Authorization vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.8 and 5.4.1 to 5.4.10 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to modify the password of an SSL VPN web portal user via specially crafted HTTP requests

Risk Scores

CVSS v3.1

9.100000381469727

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Affected Products

Vendor	Product	Versions
Fortinet	Fortinet FortiOS, FortiProxy	FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.8, 5.4.1 to 5.4.10, FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7

Timeline

Nov 29, 2017 CVE Published
Jun 13, 2022 PoC Published
Jun 14, 2023 PoC Published
Dec 24, 2024 PoC Published
Feb 23, 2025 PoC Published
Feb 2, 2026 PoC Published

References

https://fortiguard.com/advisory/FG-IR-18-389 url
https://www.fortiguard.com/psirt/FG-IR-20-231 url
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-13382 advisory

Open in Interactive Console →