CVE-2018-13374 - Fortinet FortiOS and FortiADC Improper Access Control Vulnerability
Project: Fortinet
Product: FortiOS and FortiADC
Date Added: 2022-09-08
Due Date: 2022-09-29
Vulnerability Name
Fortinet FortiOS and FortiADC Improper Access Control Vulnerability
Description
Fortinet FortiOS and FortiADC contain an improper access control vulnerability that allows attackers to obtain the LDAP server login credentials configured in FortiGate by pointing an LDAP server connectivity test request to a rogue LDAP server.
Known To Be Used in Ransomware Campaigns?
Known
Action
Apply updates per vendor instructions.
Additional Notes
https://www.fortiguard.com/psirt/FG-IR-18-157
https://nvd.nist.gov/vuln/detail/CVE-2018-13374