CVE-2018-13374
Fortinet FortiOS and FortiADC Improper Access Control Vulnerability
CVSS
—
No CVSS
EPSS
38.1%
p98
KEV
YES
Sep 8, 2022
Exploit Today
80
0-100
Published: — · Last modified: —
Product
Fortinet / FortiOS and FortiADC
Vulnerability
Fortinet FortiOS and FortiADC Improper Access Control Vulnerability
Added to KEV
Sep 8, 2022
Remediate by
Sep 29, 2022
Known ransomware use
Yes
Summary description
Fortinet FortiOS and FortiADC contain an improper access control vulnerability that allows attackers to obtain the LDAP server login credentials configured in FortiGate by pointing a LDAP server connectivity test request to a rogue LDAP server.
Required action
Apply updates per vendor instructions.
Notes
https://www.fortiguard.com/psirt/FG-IR-18-157; https://nvd.nist.gov/vuln/detail/CVE-2018-13374
No related CVEs by CWE or product.