cvelistv5 - cve-2018-13376

CVE-2018-13376 (GCVE-0-2018-13376)

Vulnerability from cvelistv5 – Published: 2018-11-27 15:00 – Updated: 2024-10-25 14:31

Summary

Severity ?

No CVSS data available.

CWE

Information disclosure

Assigner

fortinet

References

URL

Tags

	http://www.securityfocus.com/bid/106036	vdb-entryx_refsource_BID
	https://herolab.usd.de/wp-content/uploads/sites/4…	x_refsource_MISC
	https://fortiguard.com/advisory/FG-IR-18-325	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Fortinet, Inc.	Fortinet FortiOS	Affected: FortiOS 5.6.1 to 5.6.3, 5.4.6 to 5.4.7, 5.2 all versions

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T09:00:35.117Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "106036",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/106036"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://herolab.usd.de/wp-content/uploads/sites/4/2018/12/usd20180031.txt"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://fortiguard.com/advisory/FG-IR-18-325"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2018-13376",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-24T20:09:58.734329Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-25T14:31:22.847Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Fortinet FortiOS",
          "vendor": "Fortinet, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "FortiOS 5.6.1 to 5.6.3, 5.4.6 to 5.4.7, 5.2 all versions"
            }
          ]
        }
      ],
      "datePublic": "2018-11-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An uninitialized memory buffer leak exists in Fortinet FortiOS 5.6.1 to 5.6.3, 5.4.6 to 5.4.7, 5.2 all versions under web proxy\u0027s disclaimer response web pages, potentially causing sensitive data to be displayed in the HTTP response."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Information disclosure",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-12-17T14:57:01",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "106036",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/106036"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://herolab.usd.de/wp-content/uploads/sites/4/2018/12/usd20180031.txt"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://fortiguard.com/advisory/FG-IR-18-325"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@fortinet.com",
          "ID": "CVE-2018-13376",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Fortinet FortiOS",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "FortiOS 5.6.1 to 5.6.3, 5.4.6 to 5.4.7, 5.2 all versions"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Fortinet, Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An uninitialized memory buffer leak exists in Fortinet FortiOS 5.6.1 to 5.6.3, 5.4.6 to 5.4.7, 5.2 all versions under web proxy\u0027s disclaimer response web pages, potentially causing sensitive data to be displayed in the HTTP response."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Information disclosure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "106036",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/106036"
            },
            {
              "name": "https://herolab.usd.de/wp-content/uploads/sites/4/2018/12/usd20180031.txt",
              "refsource": "MISC",
              "url": "https://herolab.usd.de/wp-content/uploads/sites/4/2018/12/usd20180031.txt"
            },
            {
              "name": "https://fortiguard.com/advisory/FG-IR-18-325",
              "refsource": "CONFIRM",
              "url": "https://fortiguard.com/advisory/FG-IR-18-325"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2018-13376",
    "datePublished": "2018-11-27T15:00:00",
    "dateReserved": "2018-07-06T00:00:00",
    "dateUpdated": "2024-10-25T14:31:22.847Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"5.2.12\", \"matchCriteriaId\": \"E87EA862-D58B-4C52-BFF0-54B8D01BC569\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.4.6\", \"versionEndIncluding\": \"5.4.7\", \"matchCriteriaId\": \"4200DCE0-8A28-4E77-A687-E89C582B7D30\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.6.1\", \"versionEndIncluding\": \"5.6.3\", \"matchCriteriaId\": \"15CA187D-7F6A-454C-9E95-EE61D578EC10\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"An uninitialized memory buffer leak exists in Fortinet FortiOS 5.6.1 to 5.6.3, 5.4.6 to 5.4.7, 5.2 all versions under web proxy\u0027s disclaimer response web pages, potentially causing sensitive data to be displayed in the HTTP response.\"}, {\"lang\": \"es\", \"value\": \"Existe una fuga del b\\u00fafer de memoria sin inicializar en Fortinet FortiOS, de la versi\\u00f3n 5.6.1 a la 5.6.3, de la versi\\u00f3n 5.4.6 a la 5.4.7 y en todas las versiones desde la 5.2 bajo las p\\u00e1ginas web de renuncia de respuesta del proxy web, lo que podr\\u00eda provocar que los datos sensibles se muestren en la respuesta HTTP.\"}]",
      "id": "CVE-2018-13376",
      "lastModified": "2024-11-21T03:46:59.020",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:N/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2018-11-27T15:29:00.227",
      "references": "[{\"url\": \"http://www.securityfocus.com/bid/106036\", \"source\": \"psirt@fortinet.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://fortiguard.com/advisory/FG-IR-18-325\", \"source\": \"psirt@fortinet.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://herolab.usd.de/wp-content/uploads/sites/4/2018/12/usd20180031.txt\", \"source\": \"psirt@fortinet.com\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/106036\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://fortiguard.com/advisory/FG-IR-18-325\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://herolab.usd.de/wp-content/uploads/sites/4/2018/12/usd20180031.txt\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}]",
      "sourceIdentifier": "psirt@fortinet.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2018-13376\",\"sourceIdentifier\":\"psirt@fortinet.com\",\"published\":\"2018-11-27T15:29:00.227\",\"lastModified\":\"2024-11-21T03:46:59.020\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An uninitialized memory buffer leak exists in Fortinet FortiOS 5.6.1 to 5.6.3, 5.4.6 to 5.4.7, 5.2 all versions under web proxy\u0027s disclaimer response web pages, potentially causing sensitive data to be displayed in the HTTP response.\"},{\"lang\":\"es\",\"value\":\"Existe una fuga del b\u00fafer de memoria sin inicializar en Fortinet FortiOS, de la versi\u00f3n 5.6.1 a la 5.6.3, de la versi\u00f3n 5.4.6 a la 5.4.7 y en todas las versiones desde la 5.2 bajo las p\u00e1ginas web de renuncia de respuesta del proxy web, lo que podr\u00eda provocar que los datos sensibles se muestren en la respuesta HTTP.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"5.2.12\",\"matchCriteriaId\":\"E87EA862-D58B-4C52-BFF0-54B8D01BC569\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.4.6\",\"versionEndIncluding\":\"5.4.7\",\"matchCriteriaId\":\"4200DCE0-8A28-4E77-A687-E89C582B7D30\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.6.1\",\"versionEndIncluding\":\"5.6.3\",\"matchCriteriaId\":\"15CA187D-7F6A-454C-9E95-EE61D578EC10\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/106036\",\"source\":\"psirt@fortinet.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://fortiguard.com/advisory/FG-IR-18-325\",\"source\":\"psirt@fortinet.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://herolab.usd.de/wp-content/uploads/sites/4/2018/12/usd20180031.txt\",\"source\":\"psirt@fortinet.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/106036\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://fortiguard.com/advisory/FG-IR-18-325\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://herolab.usd.de/wp-content/uploads/sites/4/2018/12/usd20180031.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://www.securityfocus.com/bid/106036\", \"name\": \"106036\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\", \"x_transferred\"]}, {\"url\": \"https://herolab.usd.de/wp-content/uploads/sites/4/2018/12/usd20180031.txt\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://fortiguard.com/advisory/FG-IR-18-325\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-05T09:00:35.117Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2018-13376\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-24T20:09:58.734329Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-25T14:18:09.131Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"Fortinet, Inc.\", \"product\": \"Fortinet FortiOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"FortiOS 5.6.1 to 5.6.3, 5.4.6 to 5.4.7, 5.2 all versions\"}]}], \"datePublic\": \"2018-11-27T00:00:00\", \"references\": [{\"url\": \"http://www.securityfocus.com/bid/106036\", \"name\": \"106036\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\"]}, {\"url\": \"https://herolab.usd.de/wp-content/uploads/sites/4/2018/12/usd20180031.txt\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://fortiguard.com/advisory/FG-IR-18-325\", \"tags\": [\"x_refsource_CONFIRM\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"An uninitialized memory buffer leak exists in Fortinet FortiOS 5.6.1 to 5.6.3, 5.4.6 to 5.4.7, 5.2 all versions under web proxy\u0027s disclaimer response web pages, potentially causing sensitive data to be displayed in the HTTP response.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"Information disclosure\"}]}], \"providerMetadata\": {\"orgId\": \"6abe59d8-c742-4dff-8ce8-9b0ca1073da8\", \"shortName\": \"fortinet\", \"dateUpdated\": \"2018-12-17T14:57:01\"}, \"x_legacyV4Record\": {\"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"FortiOS 5.6.1 to 5.6.3, 5.4.6 to 5.4.7, 5.2 all versions\"}]}, \"product_name\": \"Fortinet FortiOS\"}]}, \"vendor_name\": \"Fortinet, Inc.\"}]}}, \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"http://www.securityfocus.com/bid/106036\", \"name\": \"106036\", \"refsource\": \"BID\"}, {\"url\": \"https://herolab.usd.de/wp-content/uploads/sites/4/2018/12/usd20180031.txt\", \"name\": \"https://herolab.usd.de/wp-content/uploads/sites/4/2018/12/usd20180031.txt\", \"refsource\": \"MISC\"}, {\"url\": \"https://fortiguard.com/advisory/FG-IR-18-325\", \"name\": \"https://fortiguard.com/advisory/FG-IR-18-325\", \"refsource\": \"CONFIRM\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"An uninitialized memory buffer leak exists in Fortinet FortiOS 5.6.1 to 5.6.3, 5.4.6 to 5.4.7, 5.2 all versions under web proxy\u0027s disclaimer response web pages, potentially causing sensitive data to be displayed in the HTTP response.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"Information disclosure\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2018-13376\", \"STATE\": \"PUBLIC\", \"ASSIGNER\": \"psirt@fortinet.com\"}}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2018-13376\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-10-25T14:31:22.847Z\", \"dateReserved\": \"2018-07-06T00:00:00\", \"assignerOrgId\": \"6abe59d8-c742-4dff-8ce8-9b0ca1073da8\", \"datePublished\": \"2018-11-27T15:00:00\", \"assignerShortName\": \"fortinet\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CERTFR-2018-AVI-570

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité a été découverte dans Fortinet FortiOS. Elle permet à un attaquant de provoquer une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Fortinet	FortiOS	FortiOS versions 5.4.6 à 5.4.7
Fortinet	FortiOS	FortiOS versions 5.6.1 à 5.6.3
Fortinet	FortiOS	FortiOS versions 5.2.12 et postérieures

References

Title

Publication Time

Tags

Bulletin de sécurité Fortinet FG-IR-18-325 du 22 novembre 2018

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiOS versions 5.4.6 \u00e0 5.4.7",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 5.6.1 \u00e0 5.6.3",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 5.2.12 et post\u00e9rieures",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-13376",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-13376"
    }
  ],
  "links": [],
  "reference": "CERTFR-2018-AVI-570",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-11-23T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Fortinet FortiOS. Elle permet \u00e0\nun attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Fortinet FortiOS",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-18-325 du 22 novembre 2018",
      "url": "https://fortiguard.com/psirt/FG-IR-18-325"
    }
  ]
}

CERTFR-2018-AVI-570

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité a été découverte dans Fortinet FortiOS. Elle permet à un attaquant de provoquer une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Fortinet	FortiOS	FortiOS versions 5.4.6 à 5.4.7
Fortinet	FortiOS	FortiOS versions 5.6.1 à 5.6.3
Fortinet	FortiOS	FortiOS versions 5.2.12 et postérieures

References

Title

Publication Time

Tags

Bulletin de sécurité Fortinet FG-IR-18-325 du 22 novembre 2018

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiOS versions 5.4.6 \u00e0 5.4.7",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 5.6.1 \u00e0 5.6.3",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 5.2.12 et post\u00e9rieures",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-13376",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-13376"
    }
  ],
  "links": [],
  "reference": "CERTFR-2018-AVI-570",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-11-23T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Fortinet FortiOS. Elle permet \u00e0\nun attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Fortinet FortiOS",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-18-325 du 22 novembre 2018",
      "url": "https://fortiguard.com/psirt/FG-IR-18-325"
    }
  ]
}

GHSA-2VHW-3H86-29H4

Vulnerability from github – Published: 2022-05-13 01:49 – Updated: 2022-05-13 01:49

Details

Severity ?

7.5 (High)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-13376"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-11-27T15:29:00Z",
    "severity": "HIGH"
  },
  "details": "An uninitialized memory buffer leak exists in Fortinet FortiOS 5.6.1 to 5.6.3, 5.4.6 to 5.4.7, 5.2 all versions under web proxy\u0027s disclaimer response web pages, potentially causing sensitive data to be displayed in the HTTP response.",
  "id": "GHSA-2vhw-3h86-29h4",
  "modified": "2022-05-13T01:49:47Z",
  "published": "2022-05-13T01:49:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-13376"
    },
    {
      "type": "WEB",
      "url": "https://fortiguard.com/advisory/FG-IR-18-325"
    },
    {
      "type": "WEB",
      "url": "https://herolab.usd.de/wp-content/uploads/sites/4/2018/12/usd20180031.txt"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/106036"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2018-13376

Vulnerability from fkie_nvd - Published: 2018-11-27 15:29 - Updated: 2024-11-21 03:46

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

References

URL	Tags
psirt@fortinet.com	http://www.securityfocus.com/bid/106036	Third Party Advisory, VDB Entry
psirt@fortinet.com	https://fortiguard.com/advisory/FG-IR-18-325	Vendor Advisory
psirt@fortinet.com	https://herolab.usd.de/wp-content/uploads/sites/4/2018/12/usd20180031.txt	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/106036	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://fortiguard.com/advisory/FG-IR-18-325	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://herolab.usd.de/wp-content/uploads/sites/4/2018/12/usd20180031.txt	Exploit, Third Party Advisory

Impacted products

Vendor	Product	Version
fortinet	fortios	*
fortinet	fortios	*
fortinet	fortios	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E87EA862-D58B-4C52-BFF0-54B8D01BC569",
              "versionEndIncluding": "5.2.12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4200DCE0-8A28-4E77-A687-E89C582B7D30",
              "versionEndIncluding": "5.4.7",
              "versionStartIncluding": "5.4.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "15CA187D-7F6A-454C-9E95-EE61D578EC10",
              "versionEndIncluding": "5.6.3",
              "versionStartIncluding": "5.6.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An uninitialized memory buffer leak exists in Fortinet FortiOS 5.6.1 to 5.6.3, 5.4.6 to 5.4.7, 5.2 all versions under web proxy\u0027s disclaimer response web pages, potentially causing sensitive data to be displayed in the HTTP response."
    },
    {
      "lang": "es",
      "value": "Existe una fuga del b\u00fafer de memoria sin inicializar en Fortinet FortiOS, de la versi\u00f3n 5.6.1 a la 5.6.3, de la versi\u00f3n 5.4.6 a la 5.4.7 y en todas las versiones desde la 5.2 bajo las p\u00e1ginas web de renuncia de respuesta del proxy web, lo que podr\u00eda provocar que los datos sensibles se muestren en la respuesta HTTP."
    }
  ],
  "id": "CVE-2018-13376",
  "lastModified": "2024-11-21T03:46:59.020",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-11-27T15:29:00.227",
  "references": [
    {
      "source": "psirt@fortinet.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/106036"
    },
    {
      "source": "psirt@fortinet.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://fortiguard.com/advisory/FG-IR-18-325"
    },
    {
      "source": "psirt@fortinet.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://herolab.usd.de/wp-content/uploads/sites/4/2018/12/usd20180031.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/106036"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://fortiguard.com/advisory/FG-IR-18-325"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://herolab.usd.de/wp-content/uploads/sites/4/2018/12/usd20180031.txt"
    }
  ],
  "sourceIdentifier": "psirt@fortinet.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

VAR-201811-0161

Vulnerability from variot - Updated: 2023-12-18 12:00

An uninitialized memory buffer leak exists in Fortinet FortiOS 5.6.1 to 5.6.3, 5.4.6 to 5.4.7, 5.2 all versions under web proxy's disclaimer response web pages, potentially causing sensitive data to be displayed in the HTTP response. Fortinet FortiOS Contains a resource management vulnerability.Information may be obtained. Fortinet FortiOS is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. FortiOS 5.6.1 through 5.6.3, 5.4.6 through 5.4.7, and 5.2.12 and later are vulnerable. Fortinet FortiOS is a set of security operating systems developed by Fortinet Corporation for the FortiGate network security platform. The system provides users with various security functions such as firewall, anti-virus, IPSec/SSL VPN, Web content filtering and anti-spam. Security vulnerabilities exist in Fortinet FortiOS versions 5.6.1 through 5.6.3, 5.4.6 through 5.4.7, and 5.2

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201811-0161",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "fortios",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "5.4.7"
      },
      {
        "model": "fortios",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "5.4.6"
      },
      {
        "model": "fortios",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "5.2.12"
      },
      {
        "model": "fortios",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "5.6.3"
      },
      {
        "model": "fortios",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "5.6.1"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "fortinet",
        "version": "5.6.3"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "fortinet",
        "version": "5.6.2"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "fortinet",
        "version": "5.4.7"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "fortinet",
        "version": "5.4.6"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "fortinet",
        "version": "5.2.12"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "fortinet",
        "version": "5.6.1"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fortinet",
        "version": "5.2"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fortinet",
        "version": "5.4.6 to  5.4.7"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fortinet",
        "version": "5.6.1 to  5.6.3"
      },
      {
        "model": "fortios",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "6.0"
      },
      {
        "model": "fortios",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.6.4"
      },
      {
        "model": "fortios",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.4.8"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "106036"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-012317"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-13376"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201811-749"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.4.7",
                "versionStartIncluding": "5.4.6",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.2.12",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.6.3",
                "versionStartIncluding": "5.6.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-13376"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "usd AG",
    "sources": [
      {
        "db": "BID",
        "id": "106036"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2018-13376",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.0,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2018-13376",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-123429",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2018-13376",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2018-13376",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201811-749",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-123429",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-123429"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-012317"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-13376"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201811-749"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An uninitialized memory buffer leak exists in Fortinet FortiOS 5.6.1 to 5.6.3, 5.4.6 to 5.4.7, 5.2 all versions under web proxy\u0027s disclaimer response web pages, potentially causing sensitive data to be displayed in the HTTP response. Fortinet FortiOS Contains a resource management vulnerability.Information may be obtained. Fortinet FortiOS is prone to an information-disclosure vulnerability. \nAttackers can exploit this issue to obtain sensitive information that may aid in further attacks. \nFortiOS 5.6.1 through 5.6.3, 5.4.6 through 5.4.7, and 5.2.12 and later are vulnerable. Fortinet FortiOS is a set of security operating systems developed by Fortinet Corporation for the FortiGate network security platform. The system provides users with various security functions such as firewall, anti-virus, IPSec/SSL VPN, Web content filtering and anti-spam. Security vulnerabilities exist in Fortinet FortiOS versions 5.6.1 through 5.6.3, 5.4.6 through 5.4.7, and 5.2",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-13376"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-012317"
      },
      {
        "db": "BID",
        "id": "106036"
      },
      {
        "db": "VULHUB",
        "id": "VHN-123429"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-13376",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "106036",
        "trust": 2.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-012317",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201811-749",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-123429",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-123429"
      },
      {
        "db": "BID",
        "id": "106036"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-012317"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-13376"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201811-749"
      }
    ]
  },
  "id": "VAR-201811-0161",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-123429"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:00:53.984000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "FG-IR-18-325",
        "trust": 0.8,
        "url": "https://fortiguard.com/psirt/fg-ir-18-325"
      },
      {
        "title": "Fortinet FortiOS Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=87011"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-012317"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201811-749"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-399",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-123429"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-012317"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-13376"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/106036"
      },
      {
        "trust": 1.7,
        "url": "https://fortiguard.com/advisory/fg-ir-18-325"
      },
      {
        "trust": 1.7,
        "url": "https://herolab.usd.de/wp-content/uploads/sites/4/2018/12/usd20180031.txt"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-13376"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-13376"
      },
      {
        "trust": 0.3,
        "url": "http://www.fortinet.com/"
      },
      {
        "trust": 0.3,
        "url": "https://fortiguard.com/psirt/fg-ir-18-325"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-123429"
      },
      {
        "db": "BID",
        "id": "106036"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-012317"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-13376"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201811-749"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-123429"
      },
      {
        "db": "BID",
        "id": "106036"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-012317"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-13376"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201811-749"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-11-27T00:00:00",
        "db": "VULHUB",
        "id": "VHN-123429"
      },
      {
        "date": "2018-11-22T00:00:00",
        "db": "BID",
        "id": "106036"
      },
      {
        "date": "2019-01-31T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-012317"
      },
      {
        "date": "2018-11-27T15:29:00.227000",
        "db": "NVD",
        "id": "CVE-2018-13376"
      },
      {
        "date": "2018-11-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201811-749"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-10-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-123429"
      },
      {
        "date": "2018-11-22T00:00:00",
        "db": "BID",
        "id": "106036"
      },
      {
        "date": "2019-01-31T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-012317"
      },
      {
        "date": "2019-10-03T00:03:26.223000",
        "db": "NVD",
        "id": "CVE-2018-13376"
      },
      {
        "date": "2019-10-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201811-749"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201811-749"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Fortinet FortiOS Resource management vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-012317"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "resource management error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201811-749"
      }
    ],
    "trust": 0.6
  }
}

GSD-2018-13376

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2018-13376

Aliases

CVE-2018-13376

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-13376",
    "description": "An uninitialized memory buffer leak exists in Fortinet FortiOS 5.6.1 to 5.6.3, 5.4.6 to 5.4.7, 5.2 all versions under web proxy\u0027s disclaimer response web pages, potentially causing sensitive data to be displayed in the HTTP response.",
    "id": "GSD-2018-13376"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-13376"
      ],
      "details": "An uninitialized memory buffer leak exists in Fortinet FortiOS 5.6.1 to 5.6.3, 5.4.6 to 5.4.7, 5.2 all versions under web proxy\u0027s disclaimer response web pages, potentially causing sensitive data to be displayed in the HTTP response.",
      "id": "GSD-2018-13376",
      "modified": "2023-12-13T01:22:27.284451Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@fortinet.com",
        "ID": "CVE-2018-13376",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Fortinet FortiOS",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "FortiOS 5.6.1 to 5.6.3, 5.4.6 to 5.4.7, 5.2 all versions"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Fortinet, Inc."
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "An uninitialized memory buffer leak exists in Fortinet FortiOS 5.6.1 to 5.6.3, 5.4.6 to 5.4.7, 5.2 all versions under web proxy\u0027s disclaimer response web pages, potentially causing sensitive data to be displayed in the HTTP response."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Information disclosure"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "106036",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/106036"
          },
          {
            "name": "https://herolab.usd.de/wp-content/uploads/sites/4/2018/12/usd20180031.txt",
            "refsource": "MISC",
            "url": "https://herolab.usd.de/wp-content/uploads/sites/4/2018/12/usd20180031.txt"
          },
          {
            "name": "https://fortiguard.com/advisory/FG-IR-18-325",
            "refsource": "CONFIRM",
            "url": "https://fortiguard.com/advisory/FG-IR-18-325"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.4.7",
                "versionStartIncluding": "5.4.6",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.2.12",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.6.3",
                "versionStartIncluding": "5.6.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@fortinet.com",
          "ID": "CVE-2018-13376"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "An uninitialized memory buffer leak exists in Fortinet FortiOS 5.6.1 to 5.6.3, 5.4.6 to 5.4.7, 5.2 all versions under web proxy\u0027s disclaimer response web pages, potentially causing sensitive data to be displayed in the HTTP response."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://fortiguard.com/advisory/FG-IR-18-325",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://fortiguard.com/advisory/FG-IR-18-325"
            },
            {
              "name": "106036",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/106036"
            },
            {
              "name": "https://herolab.usd.de/wp-content/uploads/sites/4/2018/12/usd20180031.txt",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory"
              ],
              "url": "https://herolab.usd.de/wp-content/uploads/sites/4/2018/12/usd20180031.txt"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2019-10-03T00:03Z",
      "publishedDate": "2018-11-27T15:29Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2018-13376 (GCVE-0-2018-13376)

CERTFR-2018-AVI-570

Solution

CERTFR-2018-AVI-570

Solution

GHSA-2VHW-3H86-29H4

FKIE_CVE-2018-13376

VAR-201811-0161

GSD-2018-13376

Tags

Sightings

Nomenclature