CISA KEV Information
| Vulnerability name | Fortinet FortiOS and FortiProxy Out-of-bounds Write |
|---|---|
| Description | A heap buffer overflow in Fortinet FortiOS and FortiProxy may cause the SSL VPN web service termination for logged in users. |
| Required action | Apply updates per vendor instructions. |
| Known ransomware campaign use | Known |
| CWE | CWE-787 |
| Date added (KEV) | 2022-01-10 |
| Due date | 2022-07-10 |
| Additional notes | https://nvd.nist.gov/vuln/detail/CVE-2018-13383 |
NVD Details
CVSS v3.1: 4.3 MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
CVSS v2.0: 4.3
AV:N/AC:M/Au:N/C:N/I:N/A:P
Description: A heap buffer overflow in Fortinet FortiOS 6.0.0 through 6.0.4, 5.6.0 through 5.6.10, 5.4.0 through 5.4.12, 5.2.14 and earlier and FortiProxy 2.0.0, 1.2.8 and earlier in the SSL VPN web portal may cause the SSL VPN web service termination for logged in users due to a failure to properly handle javascript href data when proxying webpages.
CWE: CWE-787
References
- https://fortiguard.com/advisory/FG-IR-18-388 [Mitigation, Vendor Advisory]
- https://fortiguard.com/advisory/FG-IR-20-229 [Vendor Advisory]
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-13383 [US Government Resource]
This product uses the NVD API but is not endorsed or certified by the NVD.