CVE-2018-13383

MEDIUM KEV RANSOMWARE

Fortinet Fortiproxy < 1.2.9 - Out-of-Bounds Write

Title source: rule

Description

A heap buffer overflow in Fortinet FortiOS 6.0.0 through 6.0.4, 5.6.0 through 5.6.10, 5.4.0 through 5.4.12, 5.2.14 and earlier and FortiProxy 2.0.0, 1.2.8 and earlier in the SSL VPN web portal may cause the SSL VPN web service termination for logged in users due to a failure to properly handle javascript href data when proxying webpages.

References (3)

[Mitigation, Vendor Advisory] https://fortiguard.com/advisory/FG-IR-18-388

[Vendor Advisory] https://fortiguard.com/advisory/FG-IR-20-229

[US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-13383

Scores

CVSS v3 4.3

EPSS 0.0129

EPSS Percentile 79.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Details

CISA KEV 2022-01-10

VulnCheck KEV 2019-10-02

InTheWild.io 2019-08-21

ENISA EUVD EUVD-2018-5327

Ransomware Use Confirmed

CWE

CWE-787

Status published

Products (3)

fortinet/fortios 5.2.0 - 5.2.15

fortinet/fortiproxy 2.0.0

fortinet/fortiproxy < 1.2.9

Published May 29, 2019

KEV Added Jan 10, 2022

Tracked Since Feb 18, 2026