ghsa-chg2-j3mj-m3rj
Vulnerability from github
Published
2022-05-24 16:47
Modified
2024-07-24 18:31
Severity
Details
An Improper Authorization vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.8 and 5.4.1 to 5.4.10 under SSL VPN web portal allows an unauthenticated attacker to modify the password of an SSL VPN web portal user via specially crafted HTTP requests.
{
"affected": [],
"aliases": [
"CVE-2018-13382"
],
"database_specific": {
"cwe_ids": [
"CWE-285",
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-06-04T21:29:00Z",
"severity": "HIGH"
},
"details": "An Improper Authorization vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.8 and 5.4.1 to 5.4.10 under SSL VPN web portal allows an unauthenticated attacker to modify the password of an SSL VPN web portal user via specially crafted HTTP requests.",
"id": "GHSA-chg2-j3mj-m3rj",
"modified": "2024-07-24T18:31:14Z",
"published": "2022-05-24T16:47:09Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-13382"
},
{
"type": "WEB",
"url": "https://devco.re/blog/2019/08/09/attacking-ssl-vpn-part-2-breaking-the-Fortigate-ssl-vpn"
},
{
"type": "WEB",
"url": "https://fortiguard.com/advisory/FG-IR-18-389"
},
{
"type": "WEB",
"url": "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf"
},
{
"type": "WEB",
"url": "https://www.fortiguard.com/psirt/FG-IR-20-231"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/160130/Fortinet-FortiOS-6.0.4-Password-Modification.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/108697"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
Loading...