CVE-2018-13371 — Improper Input Validation in Fortinet Fortios

CWE-20 — Improper Input Validation4 documents4 sources

Severity

8.8HIGHNVD

EPSS

0.5%

top 32.93%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Fortios Fortinet Fortios

Timeline

PublishedApr 2

Latest updateMay 24

Description

An external control of system vulnerability in FortiOS may allow an authenticated, regular user to change the routing settings of the device via connecting to the ZebOS component.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶NVDfortinet/fortios5.6.0 — 5.6.7+2

▶CVEListV5fortinet/fortinet_fortios5.4.10 and below, 5.6.7 and below, 6.2.0 and below versions+2

🔴Vulnerability Details

GHSA

GHSA-8g7g-r3j2-29p8: An external control of system vulnerability in FortiOS may allow an authenticated, regular user to change the routing settings of the device via conne↗2022-05-24

▶

CVEList

CVE-2018-13371: An external control of system vulnerability in FortiOS may allow an authenticated, regular user to change the routing settings of the device via conne↗2020-04-02

▶

📋Vendor Advisories

Fortinet

An external control of system vulnerability in FortiOS may allow an authenticated, regular user to change the routing se...↗2020-04-02

▶