Main Vulnerability Database Vulnerabilities #VU16173

Information disclosure in FortiOS - CVE-2018-13366

Published: November 29, 2018

Vulnerability identifier: #VU16173

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-13366

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Fortinet, Inc

Affected software:
FortiOS

Detailed vulnerability description

The vulnerability allows a remote to obtain potentially sensitive information.

The weakness exists due to Fortigate PPTP service reveals serial number of FortiGate in the hostname field defined in connection control setup packets of PPTP protocol. A remote attacker can gain access to arbitrary data.

How to mitigate CVE-2018-13366

Update to version 6.0.2.

Sources

https://fortiguard.com/psirt/FG-IR-18-101

Information disclosure in FortiOS - CVE-2018-13366

Detailed vulnerability description

How to mitigate CVE-2018-13366

Sources

Please verify you're human