⚠ Actively exploited in ransomware campaigns
This vulnerability is on the CISA Known Exploited Vulnerabilities (KEV) list and has been used in known ransomware attacks. CISA required action: apply updates per vendor instructions. Due date: 2022-07-10.

CVE-2018-13382: Incorrect Authorization in Fortinet FortiOS

Severity
NVD: 7.5 (High)
CNA: 9.1
VulnCheck: 9.1

EPSS
Score: 85.3% (top 0.63% of all scored CVEs)

CISA KEV
Listed, with known ransomware use
Added: 2022-01-10
Due: 2022-07-10
Required action: Apply updates per vendor instructions.

Exploit
Exploited in the wild; active exploitation observed.

Timeline
Published: 2019-06-04
KEV added: 2022-01-10
Latest update: May 24
KEV due: 2022-07-10

Description

An Improper Authorization vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.8 and 5.4.1 to 5.4.10, and in FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6 and 1.0.0 to 1.0.7, in the SSL VPN web portal allows an unauthenticated attacker to modify the password of an SSL VPN web portal user via specially crafted HTTP requests.

CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Exploitability subscore: 3.9 | Impact subscore: 3.6

Affected Packages (2)
fortinet/fortios (NVD): >= 5.4.1, < 5.4.11 (+2 more ranges)
fortinet/fortiproxy (NVD): < 1.2.9 (+1 more range)
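Added triage example, not code from the page, cvebase or Fortinet: a checker that pulls the x.y.z version out of a device banner and tests it against the inclusive ranges quoted in the description above, for both FortiOS and FortiProxy. The banner shape ("Version: FortiGate-60E v6.0.4,build0231,190107 (GA)", as the FortiOS CLI prints for `get system status`) is an assumption of the example, and the inventory lines, hostnames and build numbers are constructed; the version ranges are transcribed from the description. A build outside every listed range (5.4.11, 6.0.5, but also 5.4.0 or an older branch the advisory never mentions) is reported as "not listed", which is deliberately not the same as "fixed".

```python
"""Fleet triage for CVE-2018-13382: flag FortiOS / FortiProxy builds that fall
inside the affected version ranges quoted in the advisory description."""
import re

# Inclusive (low, high) ranges transcribed from the description on this page.
AFFECTED = {
    "FortiOS": [
        ((5, 4, 1), (5, 4, 10)),
        ((5, 6, 0), (5, 6, 8)),
        ((6, 0, 0), (6, 0, 4)),
    ],
    "FortiProxy": [
        ((1, 0, 0), (1, 0, 7)),
        ((1, 1, 0), (1, 1, 6)),
        ((1, 2, 0), (1, 2, 8)),
        ((2, 0, 0), (2, 0, 0)),  # a single affected release, not a range
    ],
}

# Matches the first x.y.z token, with or without a leading 'v'.
VERSION_RE = re.compile(r"\bv?(\d+)\.(\d+)\.(\d+)\b")


def parse_version(banner: str) -> tuple:
    """Return (major, minor, patch) from a bare version or a device banner.

    Assumed banner shape (constructed for this example):
    'Version: FortiGate-60E v6.0.4,build0231,190107 (GA)'."""
    m = VERSION_RE.search(banner)
    if m is None:
        raise ValueError("no x.y.z version in %r" % banner)
    return tuple(int(part) for part in m.groups())


def is_affected(product: str, banner: str) -> bool:
    """True if the banner's version lies inside one of the listed ranges."""
    if product not in AFFECTED:
        raise ValueError("unknown product %r" % product)
    version = parse_version(banner)
    return any(low <= version <= high for low, high in AFFECTED[product])


def triage(inventory: list) -> list:
    """inventory: (hostname, product, banner) tuples -> (hostname, version, verdict).

    'affected' means inside a listed range. 'not listed' means outside every
    listed range, which covers fixed builds and builds the advisory does not
    mention, so it is not a statement that the build is safe."""
    report = []
    for host, product, banner in inventory:
        version = ".".join(str(p) for p in parse_version(banner))
        verdict = "affected" if is_affected(product, banner) else "not listed"
        report.append((host, version, verdict))
    return report


# Constructed sample inventory for the example; hostnames and builds are made up.
SAMPLE_INVENTORY = [
    ("fgt-branch-01", "FortiOS", "Version: FortiGate-60E v6.0.4,build0231,190107 (GA)"),
    ("fgt-branch-02", "FortiOS", "Version: FortiGate-60E v6.0.5,build0268,190507 (GA)"),
    ("fgt-dc-01", "FortiOS", "Version: FortiGate-1500D v5.4.11,build1204,190110 (GA)"),
    ("fgt-lab-01", "FortiOS", "Version: FortiGate-VM64 v5.4.0,build1011,160315 (GA)"),
    ("fpx-edge-01", "FortiProxy", "Version: FortiProxy-VM v2.0.0,build0041,200716 (GA)"),
    ("fpx-edge-02", "FortiProxy", "Version: FortiProxy-VM v2.0.1,build0054,201006 (GA)"),
]

if __name__ == "__main__":
    for host, version, verdict in triage(SAMPLE_INVENTORY):
        print("%-14s %-8s %s" % (host, version, verdict))
```

Feed it the banners your inventory tool already collects; the point of keeping the ranges as tuples rather than strings is that "5.4.10" must sort below "5.4.11" and above "5.4.9", which string comparison gets wrong.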

🔴 Vulnerability Details (3)
GHSA: GHSA-chg2-j3mj-m3rj, "An Improper Authorization vulnerability in Fortinet FortiOS 6..." (2022-05-24)
CVEList: CVE-2018-13382, "An Improper Authorization vulnerability in Fortinet FortiOS 6..." (2019-06-04)
VulnCheck: Fortinet FortiOS and FortiProxy Improper Authorization (2018)

💥 Exploits & PoCs (1)
Exploit-DB: Fortinet FortiOS 6.0.4 - Unauthenticated SSL VPN User Password Modification (2020-11-19)

🔍 Detection Rules (1)
Suricata: ET EXPLOIT FortiOS SSL VPN - Improper Authorization Vulnerability (CVE-2018-13382) (2019-08-14)

📋 Vendor Advisories (3)
CISA: Fortinet FortiOS and FortiProxy Improper Authorization (2022-01-10)
Fortinet: "An Improper Authorization vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.8 and 5.4.1 to 5.4.10 and Forti..." (2019-06-04)
Fortinet: "An Improper Authorization vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.8 and 5.4.1 to 5.4.10 and Forti..." (2019-06-04)
CVE-2018-13382 — Incorrect Authorization in Fortinet | cvebase