logo

CVE-2018-13374 - Fortinet FortiOS and FortiADC Improper Access Control Vulnerability

CVE-2018-13374

Fortinet | FortiOS and FortiADC

  • Date Added:
  • 2022-09-08
  • Due Date:
  • 2022-09-29
Vulnerability Name

Fortinet FortiOS and FortiADC Improper Access Control Vulnerability

Description

Fortinet FortiOS and FortiADC contain an improper access control vulnerability that allows attackers to obtain the LDAP server login credentials configured in FortiGate by pointing a LDAP server connectivity test request to a rogue LDAP server.

Known To Be Used in Ransomware Campaigns?

Known

Action

Apply updates per vendor instructions.

Additional Notes
https://www.fortiguard.com/psirt/FG-IR-18-157; https://nvd.nist.gov/vuln/detail/CVE-2018-13374

Free security scan for your website