CVE-2018-13374 - Fortinet FortiOS and FortiADC Improper Access Control Vulnerability
CVE-2018-13374
Fortinet | FortiOS and FortiADC
- Date Added:
- 2022-09-08
- Due Date:
- 2022-09-29
- Vulnerability Name
Fortinet FortiOS and FortiADC Improper Access Control Vulnerability
- Description
Fortinet FortiOS and FortiADC contain an improper access control vulnerability that allows attackers to obtain the LDAP server login credentials configured in FortiGate by pointing a LDAP server connectivity test request to a rogue LDAP server.
- Known To Be Used in Ransomware Campaigns?
Known
- Action
Apply updates per vendor instructions.
- Additional Notes
- https://www.fortiguard.com/psirt/FG-IR-18-157; https://nvd.nist.gov/vuln/detail/CVE-2018-13374
Free security scan for your website