CVE-2018-13367Sensitive Information Exposure in Fortinet Fortios

CWE-200Sensitive Information Exposure4 documents4 sources
Severity
5.3MEDIUMNVD
EPSS
0.4%
top 40.79%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Fortinet Fortios
Timeline
PublishedAug 23
Latest updateMay 24

Description

An information exposure vulnerability in FortiOS 6.2.3, 6.2.0 and below may allow an unauthenticated attacker to gain platform information such as version, models, via parsing a JavaScript file through admin webUI.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

NVDfortinet/fortios6.2.0
CVEListV5fortinet/fortios6.2.0 and below, 6.2.3+1

🔴Vulnerability Details

2
GHSA
GHSA-5pqg-ggp8-3536: An information exposure vulnerability in FortiOS 62022-05-24
CVEList
CVE-2018-13367: An information exposure vulnerability in FortiOS 62019-08-23

📋Vendor Advisories

1
Fortinet
An information exposure vulnerability in FortiOS 6.2.3, 6.2.0 and below may allow an unauthenticated attacker to gain pl...2019-08-23
CVE-2018-13367 — Sensitive Information Exposure | cvebase