CVE-2018-13366

MEDIUM

Fortinet FortiOS <= 5.6.7 - Information Disclosure via PPTP Hostname Field

Title source: llm
STIX 2.1

Description

An information disclosure vulnerability in Fortinet FortiOS 6.0.1, 5.6.7 and below allows attacker to reveals serial number of FortiGate via hostname field defined in connection control setup packets of PPTP protocol.

References (1)

Core 1
Core References
Vendor Advisory x_refsource_confirm
https://fortiguard.com/advisory/FG-IR-18-101

Scores

CVSS v3 5.3
EPSS 0.0024
EPSS Percentile 46.7%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-200
Status published
Products (3)
fortinet/fortios 6.0.0
fortinet/fortios 6.0.1
fortinet/fortios < 5.6.7
Published Apr 09, 2019
Tracked Since Feb 18, 2026