CVE-2018-13382
Fortinet FortiOS and FortiProxy Improper Authorization
CVSS
—
No CVSS
EPSS
81.7%
p100
KEV
YES
Jan 10, 2022
Exploit Today
80
0-100
Published: — · Last modified: —
81.7%EPSS · 30 days81.7%
2026-06-302026-07-16
Product
Fortinet / FortiOS and FortiProxy
Vulnerability
Fortinet FortiOS and FortiProxy Improper Authorization
Added to KEV
Jan 10, 2022
Remediate by
Jul 10, 2022
Known ransomware use
Yes
Summary description
An Improper Authorization vulnerability in Fortinet FortiOS and FortiProxy under SSL VPN web portal allows an unauthenticated attacker to modify the password.
Required action
Apply updates per vendor instructions.
Notes
https://nvd.nist.gov/vuln/detail/CVE-2018-13382
CVECVSSEPSSKEVRExploitTitleMod.
CVE-2024-555919.8 CRI99.9%
KEV—80Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability8dCVE-2018-13383—98.2%
KEV—79Fortinet FortiOS and FortiProxy Out-of-bounds Write—CVE-2025-244728.1 HIG86.2%
KEV—76Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability8d