Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
8.8
CVSSv3

CVE-2018-13374

Published: 22/01/2019 Updated: 03/06/2021
CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 357
Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N
Subscribe to Fortios

Vulnerability Summary

A Improper Access Control in Fortinet FortiOS 6.0.2, 5.6.7 and before, FortiADC 6.1.0, 6.0.0 to 6.0.1, 5.4.0 to 5.4.4 allows malicious user to obtain the LDAP server login credentials configured in FortiGate via pointing a LDAP server connectivity test request to a rogue LDAP server instead of the configured one.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

fortinet fortios

Exploits

Exploit DB: FortiGate FortiOS LDAP Credential Disclosure
FortiGate FortiOS versions prior to 603 suffer from an LDAP credential disclosure vulnerability ...

Github Repositories

https://github.com/Ransomware-Advisory/Conti-Ransomware

Conti-Ransomware RELATED IOCs, MITIGATION STEPS AND REFERENCE LINKS Common Vulnerabilities and Exposures : Firewall Vulnerabilities CVE-2018-13379, CVE-2018-13374, gather foothold using Cobalt strike IOCs (Indicators of compromise) BazarLoader-- 642276992|443 1613515592|443 16135147110|443 642276560|443 Loader download-- millscruelgcom 459511133|80 Cobalt Strike

https://github.com/juliourena/plaintext

plaintext Here you will find some of the things that I have worked or am investigating CVE's - PoC CVE-2018-13374 CVE-2019-19470 CSharp Tools (C#) PowerEmpire UAC Bypass Masquerade PEB HackTheBox PortScan CSRF Login Brute Force (bart) PortKnocking PowerShell Invoke-InternetTest Random Python Scripts SMTP_o365

Recent Articles

Ransomware: How Attackers are Breaching Corporate Networks
Symantec Threat Intelligence Blog • Karthikeyan C Kasiviswanathan Vishal Kamble • 28 Apr 2024

Latest tools, tactics, and procedures being used by the Hive, Conti, and AvosLocker ransomware operations.

Posted: 28 Apr, 20228 Min ReadThreat Intelligence SubscribeFollowtwitterlinkedinRansomware: How Attackers are Breaching Corporate NetworksLatest tools, tactics, and procedures being used by the Hive, Conti, and AvosLocker ransomware operations.Targeted ransomware attacks continue to be one of the most critical cyber risks facing organizations of all sizes. The tactics used by ransomware attackers are continually evolving, but by identifying the most freq...

Read more...

References

CWE-732https://fortiguard.com/advisory/FG-IR-18-157https://nvd.nist.govhttps://github.com/Ransomware-Advisory/Conti-Ransomwarehttps://packetstormsecurity.com/files/151205/FortiGate-FortiOS-LDAP-Credential-Disclosure.html
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-22460CVE-2024-4646CVE-2024-29212IMAPCVE-2023-36672CVE-2024-34547command injectionCVE-2024-4651stored XSS
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook