|Number of vulnerabilities||1|
|CVE ID|| CVE-2018-13382
|CWE ID|| CWE-285
|Public exploit||Public exploit code for vulnerability #1 is available.|
Operating systems & Components / Operating system
This security advisory describes one high risk vulnerability.
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L/E:P/RL:O/RC:C] [PCI]
CWE-285 - Improper Authorization
Exploit availability: YesDescription
The vulnerability allows a remote attacker to bypass authorization.
The vulnerability exists due to unspecified error within the SSL VPN web portal when processing HTTP requests. A remote non-authenticated attacker can send a specially crafted HTTP request to the SSL VPN web portal and change password for arbitrary account.
Successful exploitation of the vulnerability may allow an attacker to login to the SSL VPN web portal with a new password and gain unauthorized access to network resources.Mitigation
Install updates from vendor's website.
As a workaround, the vendor recommends disabling the SSL-VPN web portal service:
config vpn ssl settingsVulnerable software versions
FortiOS: 5.4.0, 5.4.1, 5.4.2, 5.4.3, 5.4.4, 5.4.5, 5.4.6, 5.4.7, 5.4.8, 5.4.9, 5.4.10, 5.6.0, 5.6.1, 5.6.2, 5.6.3, 5.6.4, 5.6.5, 5.6.6, 5.6.7, 5.6.8, 6.0.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4CPE
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.