Vulnerabilities > CVE-2018-13383 - Out-of-bounds Write vulnerability in Fortinet Fortios and Fortiproxy

047910
CVSS 6.5 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
network
low complexity
fortinet
CWE-787
nessus

Summary

A heap buffer overflow in Fortinet FortiOS 6.0.0 through 6.0.4, 5.6.0 through 5.6.10, 5.4.0 through 5.4.12, 5.2.14 and earlier and FortiProxy 2.0.0, 1.2.8 and earlier in the SSL VPN web portal may cause the SSL VPN web service termination for logged in users due to a failure to properly handle javascript href data when proxying webpages.

Vulnerable Configurations

Part Description Count
Application
Fortinet
25
OS
Fortinet
44

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_FORTIOS_FG-IR-18-388.NASL
    descriptionThe remote Mac OS X host is running a version of FortiOS prior to 5.6.11 or 6.0.x prior to 6.0.5. It is, therefore, affected by a heap buffer overflow condition in the SSL VPN web portal due to improper handling of javascript href data. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specifically crafted proxy-ed webpage, to cause a denial of service condition.
    last seen2020-06-01
    modified2020-06-02
    plugin id125893
    published2019-06-14
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125893
    titleFortinet FortiOS (Mac OS X) < 5.6.11, 6.0.x < 6.0.5 SSL VPN Heap Buffer Overflow (FG-IR-18-388)
  • NASL familyFirewalls
    NASL idFORTIOS_FG-IR-18-388.NASL
    descriptionThe remote host is running a version of FortiOS prior to 5.6.11 or 6.0.x prior to 6.0.5. It is, therefore, affected by a heap buffer overflow condition in the SSL VPN web portal due to improper handling of javascript href data. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specifically crafted webpage, to cause a denial of service condition.
    last seen2020-06-01
    modified2020-06-02
    plugin id125887
    published2019-06-14
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125887
    titleFortinet FortiOS < 5.6.11, 6.0.x < 6.0.5 SSL VPN Heap Buffer Overflow (FG-IR-18-388)