Information disclosure in FortiOS

#VU16172 Information disclosure in FortiOS

Published: 2021-06-17 | Updated: 2022-09-08

Vulnerability identifier: #VU16172

Vulnerability risk: Low

CVSSv3.1: 4.2 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:H/RL:O/RC:C]

CVE-ID: CVE-2018-13374

CWE-ID: CWE-200

Exploitation vector: Local

Exploit availability: Yes

Vulnerable software:
FortiOS
Operating systems & Components / Operating system

Vendor: Fortinet, Inc

Description
The vulnerability allows a local attacker with admin privileges to obtain potentially sensitive information.

The weakness exists due to information exposure. A Fortigate's read-only admin can point a LDAP server connectivity test request to a rogue LDAP server instead of the configured one to obtain the LDAP server login credentials configured in the FortiGate.

Mitigation
Update to version 6.0.3.

Vulnerable software versions

FortiOS: 6.0.0 - 6.0.2

External links
http://fortiguard.com/psirt/FG-IR-18-157

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

Latest bulletins with this vulnerability

Information disclosure vulnerabilities in Fortinet FortiOS