#VU16163 Information disclosure in FortiOS - CVE-2018-13376

 


Published: November 22, 2018 / Updated: November 29, 2018


Vulnerability identifier: #VU16163
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-13376
CWE-ID: CWE-401
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: FortiOS
Software vendor: Fortinet, Inc

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The vulnerability exists due to an uninitialized memory buffer leak in the disclaimer response web pages of the FortiOS web proxy. A remote attacker can trigger the memory leak and access sensitive data displayed in the HTTP response.


Remediation

The vulnerability has been fixed in versions 5.4.8, 5.6.4 and 6.0.0.
