PULSE
LIVE37signals / 24h
FEED
ransomgunra reclama a Dissinger and Dissinger Law Firm · US · Business Servicesransomplay reclama a Boston Electric and Telephone · US · Telecommunicationransomplay reclama a Wring Group · GB · Not Foundransomincransom reclama a asa-international.com · GB · Business Servicesransomplay reclama a AG Scholtes · NL · Manufacturingransomplay reclama a Andorra Life · AD · Healthcareransomplay reclama a Svensk Direktreklam · SE · Business Servicesransomchaos reclama a radiax.com · US · Technologyransominterlock reclama a Converting Equipment International · GB · Manufacturingransomblack x reclama a sanaa · YE · Not Foundransomthegentlemen reclama a Tangram Interiors · GB · Business Servicesransomthegentlemen reclama a BRAC · BD · Business Servicesransomthegentlemen reclama a Customs Watch · US · Public Sectorransomthegentlemen reclama a Gallant · FI · Not Foundransomgunra reclama a Dissinger and Dissinger Law Firm · US · Business Servicesransomplay reclama a Boston Electric and Telephone · US · Telecommunicationransomplay reclama a Wring Group · GB · Not Foundransomincransom reclama a asa-international.com · GB · Business Servicesransomplay reclama a AG Scholtes · NL · Manufacturingransomplay reclama a Andorra Life · AD · Healthcareransomplay reclama a Svensk Direktreklam · SE · Business Servicesransomchaos reclama a radiax.com · US · Technologyransominterlock reclama a Converting Equipment International · GB · Manufacturingransomblack x reclama a sanaa · YE · Not Foundransomthegentlemen reclama a Tangram Interiors · GB · Business Servicesransomthegentlemen reclama a BRAC · BD · Business Servicesransomthegentlemen reclama a Customs Watch · US · Public Sectorransomthegentlemen reclama a Gallant · FI · Not Found
← All CVEs
CVE Watch

CVE-2018-13382

Fortinet FortiOS and FortiProxy Improper Authorization

CVSS

No CVSS

EPSS

81.7%

p100

KEV

YES

Jan 10, 2022

Exploit Today

80

0-100

Published: · Last modified:

EPSS · 30d
81.7%EPSS · 30 days81.7%
2026-06-302026-07-16
KEV catalog record

Product

Fortinet / FortiOS and FortiProxy

Vulnerability

Fortinet FortiOS and FortiProxy Improper Authorization

Added to KEV

Jan 10, 2022

Remediate by

Jul 10, 2022

Known ransomware use

Yes

Summary description

An Improper Authorization vulnerability in Fortinet FortiOS and FortiProxy under SSL VPN web portal allows an unauthenticated attacker to modify the password.

Required action

Apply updates per vendor instructions.

Notes

https://nvd.nist.gov/vuln/detail/CVE-2018-13382

Related CVEs
CVECVSSEPSSKEVRExploitTitleMod.
CVE-2024-555919.8 CRI
99.9%
KEV80Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability8d
CVE-2018-13383
98.2%
KEV79Fortinet FortiOS and FortiProxy Out-of-bounds Write
CVE-2025-244728.1 HIG
86.2%
KEV76Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability8d