A Improper Access Control in Fortinet FortiOS 6.0.2, 5.6.7 and before, FortiADC 6.1.0, 6.0.0 to 6.0.1, 5.4.0 to 5.4.4 allows attacker to obtain the LDAP server login credentials configured in FortiGate via pointing a LDAP server connectivity test request to a rogue LDAP server instead of the configured one.
References
| Link | Resource |
|---|---|
| https://fortiguard.com/advisory/FG-IR-18-157 | Vendor Advisory |
| https://fortiguard.com/advisory/FG-IR-18-157 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 03:46
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://fortiguard.com/advisory/FG-IR-18-157 - Vendor Advisory |
24 Oct 2024, 13:58
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:fortinet:fortiadc:6.0.0:*:*:*:*:*:*:* |
28 Jun 2024, 14:04
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Fortinet fortiadc
|
|
| CPE | cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiadc:6.0.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiadc:6.1.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiadc:6.0.1:*:*:*:*:*:*:* |
Information
Published : 2019-01-22 14:29
Updated : 2025-01-27 21:30
NVD link : CVE-2018-13374
Mitre link : CVE-2018-13374
CVE.ORG link : CVE-2018-13374
JSON object : View
Products Affected
fortinet
- fortios
- fortiadc
CWE
CWE-732
Incorrect Permission Assignment for Critical Resource