Vulnerabilities > CVE-2018-13383 - Out-of-bounds Write vulnerability in Fortinet Fortios and Fortiproxy
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
A heap buffer overflow in Fortinet FortiOS 6.0.0 through 6.0.4, 5.6.0 through 5.6.10, 5.4.0 through 5.4.12, 5.2.14 and earlier and FortiProxy 2.0.0, 1.2.8 and earlier in the SSL VPN web portal may cause the SSL VPN web service termination for logged in users due to a failure to properly handle javascript href data when proxying webpages.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family MacOS X Local Security Checks NASL id MACOSX_FORTIOS_FG-IR-18-388.NASL description The remote Mac OS X host is running a version of FortiOS prior to 5.6.11 or 6.0.x prior to 6.0.5. It is, therefore, affected by a heap buffer overflow condition in the SSL VPN web portal due to improper handling of javascript href data. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specifically crafted proxy-ed webpage, to cause a denial of service condition. last seen 2020-06-01 modified 2020-06-02 plugin id 125893 published 2019-06-14 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/125893 title Fortinet FortiOS (Mac OS X) < 5.6.11, 6.0.x < 6.0.5 SSL VPN Heap Buffer Overflow (FG-IR-18-388) NASL family Firewalls NASL id FORTIOS_FG-IR-18-388.NASL description The remote host is running a version of FortiOS prior to 5.6.11 or 6.0.x prior to 6.0.5. It is, therefore, affected by a heap buffer overflow condition in the SSL VPN web portal due to improper handling of javascript href data. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specifically crafted webpage, to cause a denial of service condition. last seen 2020-06-01 modified 2020-06-02 plugin id 125887 published 2019-06-14 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/125887 title Fortinet FortiOS < 5.6.11, 6.0.x < 6.0.5 SSL VPN Heap Buffer Overflow (FG-IR-18-388)