Vulnerabilities > CVE-2018-13376 - Unspecified vulnerability in Fortinet Fortios

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

fortinet

nessus

NVD

Published: 2018-11-27

Updated: 2019-10-03

Summary

An uninitialized memory buffer leak exists in Fortinet FortiOS 5.6.1 to 5.6.3, 5.4.6 to 5.4.7, 5.2 all versions under web proxy's disclaimer response web pages, potentially causing sensitive data to be displayed in the HTTP response.

Vulnerable Configurations

Part	Description	Count
OS	Fortinet Fortinet Fortios 3.1.0 Fortinet Fortios 3.2.0 Fortinet Fortios 3.3.0 Fortinet Fortios 3.3.3 Fortinet Fortios 3.3.5 Fortinet Fortios 3.3.6 Fortinet Fortios 3.3.7 Fortinet Fortios 3.3.8 Fortinet Fortios 3.3.9 Fortinet Fortios 3.3.10 Fortinet Fortios 3.3.11 Fortinet Fortios 3.3.12 Fortinet Fortios 3.3.13 Fortinet Fortios 3.3.14 Fortinet Fortios 3.4.0 Fortinet Fortios 3.4.1 Fortinet Fortios 3.4.2 Fortinet Fortios 3.4.3 Fortinet Fortios 3.4.4 Fortinet Fortios 3.4.5 Fortinet Fortios 3.5.0 Fortinet Fortios 3.5.1 Fortinet Fortios 3.5.2 Fortinet Fortios 3.5.3 Fortinet Fortios 3.5.4 Fortinet Fortios 3.5.5 Fortinet Fortios 3.5.6 Fortinet Fortios 3.5.7 Fortinet Fortios 3.6.0 Fortinet Fortios 3.6.1 Fortinet Fortios 3.6.2 Fortinet Fortios 3.6.3 Fortinet Fortios 3.6.4 Fortinet Fortios 3.6.5 Fortinet Fortios 3.6.6 Fortinet Fortios 3.7.0 Fortinet Fortios 3.7.1 Fortinet Fortios 3.7.2 Fortinet Fortios 3.7.3 Fortinet Fortios 3.7.4 Fortinet Fortios 3.7.5 Fortinet Fortios 3.7.6 Fortinet Fortios 3.7.7 Fortinet Fortios 3.7.8 Fortinet Fortios 3.7.9 Fortinet Fortios 3.7.10 Fortinet Fortios 4.0.0 Fortinet Fortios 4.0.1 Fortinet Fortios 4.0.2 Fortinet Fortios 4.0.3 Fortinet Fortios 4.0.4 Fortinet Fortios 4.1.0 Fortinet Fortios 4.1.1 Fortinet Fortios 4.1.2 Fortinet Fortios 4.1.3 Fortinet Fortios 4.1.4 Fortinet Fortios 4.1.5 Fortinet Fortios 4.1.6 Fortinet Fortios 4.1.7 Fortinet Fortios 4.1.8 Fortinet Fortios 4.1.9 Fortinet Fortios 4.1.10 Fortinet Fortios 4.1.11 Fortinet Fortios 4.2.0 Fortinet Fortios 4.2.1 Fortinet Fortios 4.2.2 Fortinet Fortios 4.2.3 Fortinet Fortios 4.2.4 Fortinet Fortios 4.2.5 Fortinet Fortios 4.2.6 Fortinet Fortios 4.2.7 Fortinet Fortios 4.2.8 Fortinet Fortios 4.2.9 Fortinet Fortios 4.2.10 Fortinet Fortios 4.2.11 Fortinet Fortios 4.2.12 Fortinet Fortios 4.2.13 Fortinet Fortios 4.2.14 Fortinet Fortios 4.2.15 Fortinet Fortios 4.2.16 Fortinet Fortios 4.3.0 Fortinet Fortios 4.3.1 Fortinet Fortios 4.3.2 Fortinet Fortios 4.3.3 Fortinet Fortios 4.3.4 Fortinet Fortios 4.3.5 Fortinet Fortios 4.3.6 Fortinet Fortios 4.3.7 Fortinet Fortios 4.3.8 Fortinet Fortios 4.3.9 Fortinet Fortios 4.3.10 Fortinet Fortios 4.3.11 Fortinet Fortios 4.3.12 Fortinet Fortios 4.3.13 Fortinet Fortios 4.3.14 Fortinet Fortios 4.3.15 Fortinet Fortios 4.3.16 Fortinet Fortios 4.3.17 Fortinet Fortios 4.3.18 Fortinet Fortios 4.3.19 Fortinet Fortios 5.0 Fortinet Fortios 5.0.0 Fortinet Fortios 5.0.1 Fortinet Fortios 5.0.2 Fortinet Fortios 5.0.3 Fortinet Fortios 5.0.4 Fortinet Fortios 5.0.5 Fortinet Fortios 5.0.6 Fortinet Fortios 5.0.7 Fortinet Fortios 5.0.8 Fortinet Fortios 5.0.9 Fortinet Fortios 5.0.10 Fortinet Fortios 5.0.11 Fortinet Fortios 5.0.12 Fortinet Fortios 5.0.13 Fortinet Fortios 5.0.14 Fortinet Fortios 5.2.0 Fortinet Fortios 5.2.1 Fortinet Fortios 5.2.2 Fortinet Fortios 5.2.3 Fortinet Fortios 5.2.4 Fortinet Fortios 5.2.5 Fortinet Fortios 5.2.6 Fortinet Fortios 5.2.7 Fortinet Fortios 5.2.8 Fortinet Fortios 5.2.9 Fortinet Fortios 5.2.10 Fortinet Fortios 5.2.11 Fortinet Fortios 5.2.12 Fortinet Fortios 5.4.6 Fortinet Fortios 5.4.7 Fortinet Fortios 5.6.1 Fortinet Fortios 5.6.2 Fortinet Fortios 5.6.3	134

Nessus

NASL family	Firewalls
NASL id	FORTIOS_FG-IR-18-325.NASL
description	The remote host is running FortiOS 5.12.x greater than or equal to 5.2.12, 5.4.6, 5.4.7, 5.6.1 up to 5.6.3. It is, therefore, affected by an error related to the web proxy disclaimer web pages that allows disclosure of uninitialized memory buffers.
last seen	2020-06-01
modified	2020-06-02
plugin id	119421
published	2018-12-05
reporter	This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/119421
title	Fortinet FortiGate 5.2.x >= 5.2.12 / 5.4.6 - 5.4.7 / 5.6.1 - 5.6.3 Information Disclosure (FG-IR-18-325)
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(119421); script_version("1.2"); script_cvs_date("Date: 2019/11/01"); script_cve_id("CVE-2018-13376"); script_bugtraq_id(106036); script_name(english:"Fortinet FortiGate 5.2.x >= 5.2.12 / 5.4.6 - 5.4.7 / 5.6.1 - 5.6.3 Information Disclosure (FG-IR-18-325)"); script_summary(english:"Checks the version of FortiOS."); script_set_attribute(attribute:"synopsis", value: "The remote host is affected by an information disclosure vulnerability."); script_set_attribute(attribute:"description", value: "The remote host is running FortiOS 5.12.x greater than or equal to 5.2.12, 5.4.6, 5.4.7, 5.6.1 up to 5.6.3. It is, therefore, affected by an error related to the web proxy disclaimer web pages that allows disclosure of uninitialized memory buffers."); script_set_attribute(attribute:"see_also", value:"https://fortiguard.com/psirt/FG-IR-18-325"); script_set_attribute(attribute:"solution", value: "Upgrade to Fortinet FortiOS version 5.4.8, 5.6.4, 6.0.0 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-13376"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/11/22"); script_set_attribute(attribute:"patch_publication_date", value:"2018/11/22"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/12/05"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fortinet:fortios"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Firewalls"); script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("fortinet_version.nbin"); script_require_keys("Host/Fortigate/model", "Host/Fortigate/version"); exit(0); } include("audit.inc"); include("vcf.inc"); app_name = "FortiOS"; app_info = vcf::get_app_info(app:app_name, kb_ver:"Host/Fortigate/version"); constraints = [ # 5.2.12 and up for remainder of 5.2.x { "min_version":"5.2.12", "fixed_version" : "5.3", "fixed_display" : "5.4.8" }, # 5.4.6 and 5.4.7 { "min_version":"5.4.6", "max_version" : "5.4.7", "fixed_version" : "5.4.8" }, # 5.6.1 up to and including 5.6.3 { "min_version":"5.6.1", "max_version" : "5.6.3", "fixed_version" : "5.6.4 / 6.0.0" } ]; vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);

Summary

Vulnerable Configurations

Nessus

References