CVE-2018-13382

CVSS 9.1 (Critical) | EPSS 81.7% | Listed in CISA KEV | CWE-863
In short

An unauthenticated attacker can change SSL VPN user passwords without logging in, by sending specially crafted requests to the web portal. This is critical because it allows unauthorized access to the VPN system.

Technical detail

An improper authorization flaw in the SSL VPN web portal password reset function fails to properly validate user identity, allowing unauthenticated HTTP requests to modify arbitrary user passwords. The vulnerability affects multiple Fortinet products across specific version ranges and requires no prior authentication or user interaction.

Summary generated and translated by AI from the official description.
An Improper Authorization vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.8 and 5.4.1 to 5.4.10, and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6 and 1.0.0 to 1.0.7, under the SSL VPN web portal allows an unauthenticated attacker to modify the password of an SSL VPN web portal user via specially crafted HTTP requests.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N