CVE-2018-13382 (CVSSv3 7.5)

Published: 04/06/2019 Updated: 03/06/2021
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 446
CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Summary

An Improper Authorization vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.8 and 5.4.1 to 5.4.10, and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6 and 1.0.0 to 1.0.7, under the SSL VPN web portal allows an unauthenticated malicious user to modify the password of an SSL VPN web portal user via specially crafted HTTP requests.

Vulnerable Products

fortinet fortios

Exploits

Fortinet FortiOS version 6.0.4 suffers from an unauthenticated SSL VPN user password modification vulnerability ...

Github Repositories

CVE-2018-13382

CVE-2018-13382 (devcore/blog/2019/08/09/attacking-ssl-vpn-part-2-breaking-the-Fortigate-ssl-vpn/): An Improper Authorization vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.8 and 5.4.1 to 5.4.10 under SSL VPN web portal allows an unauthenticated attacker to modify the password of an SSL VPN web portal user via specially crafted HTTP requests.

A curated list of my functional exploits...

Public-Exploits: A curated list of my functional exploits. About: Public exploits (re)written for learning purposes or pentesting / red teaming assessments. Contents: Centreon: Centreon Web CVE-2015-1560, CVE-2015-1561 | Centreon Web Time-Based Blind SQLi to RCE. Fortinet Fortigate: CVE-2018-13379 | Fortigate SSL-VPN Credentials Stealer; CVE-2018-13382 | Fortigate SSL-VPN

Some personal exploits/pocs

Exploits: Miscellaneous proof of concept exploit code for testing purposes. Current Exploits: Fortinet FortiOS 6.0.0 <= 6.0.4, 5.6.0 <= 5.6.8, 5.4.1 <= 5.4.10: The magic backdoor (CVE-2018-13382); Strato HiDrive <= 5010 LPE (CVE-2019-9486); Exim 4.87 < 4.91 LPE (CVE-2019-10149); ASUS Aura Sync <= 10771 Stack-Based Buffer Overflow (CVE-
