Attacker Value: Very Low (1 user assessed)
Exploitability: Very Low (1 user assessed)
User Interaction: Required
Privileges Required: None
Attack Vector: Network

CVE-2018-13383

Disclosure Date: May 29, 2019

Description

A heap buffer overflow in the SSL VPN web portal of Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.10, 5.4.0 to 5.4.12, 5.2.14 and below may terminate the SSL VPN web service for logged-in users, due to a failure to properly handle JavaScript href data when proxying webpages.

Ratings
  • Attacker Value
    Very Low
  • Exploitability
    Very Low
Technical Analysis

There doesn’t seem to be much value for an attacker to terminate a web service.

General Information

Vendors

  • Fortinet

Products

  • Fortinet FortiOS
