Vulnerabilities > CVE-2018-13376 - Unspecified vulnerability in Fortinet Fortios
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
NONE Availability impact
NONE Summary
An uninitialized memory buffer leak exists in Fortinet FortiOS 5.6.1 to 5.6.3, 5.4.6 to 5.4.7, 5.2 all versions under web proxy's disclaimer response web pages, potentially causing sensitive data to be displayed in the HTTP response.
Vulnerable Configurations
Nessus
NASL family | Firewalls |
NASL id | FORTIOS_FG-IR-18-325.NASL |
description | The remote host is running FortiOS 5.12.x greater than or equal to 5.2.12, 5.4.6, 5.4.7, 5.6.1 up to 5.6.3. It is, therefore, affected by an error related to the web proxy disclaimer web pages that allows disclosure of uninitialized memory buffers. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 119421 |
published | 2018-12-05 |
reporter | This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/119421 |
title | Fortinet FortiGate 5.2.x >= 5.2.12 / 5.4.6 - 5.4.7 / 5.6.1 - 5.6.3 Information Disclosure (FG-IR-18-325) |
code |
|
References
- http://www.securityfocus.com/bid/106036
- http://www.securityfocus.com/bid/106036
- https://fortiguard.com/advisory/FG-IR-18-325
- https://fortiguard.com/advisory/FG-IR-18-325
- https://herolab.usd.de/wp-content/uploads/sites/4/2018/12/usd20180031.txt
- https://herolab.usd.de/wp-content/uploads/sites/4/2018/12/usd20180031.txt