CVE-2018-13383

A heap buffer overflow in Fortinet FortiOS 6.0.0 through 6.0.4, 5.6.0 through 5.6.10, 5.4.0 through 5.4.12, 5.2.14 and earlier and FortiProxy 2.0.0, 1.2.8 and earlier in the SSL VPN web portal may cause the SSL VPN web service termination for logged in users due to a failure to properly handle javascript href data when proxying webpages.

Published: May 29, 2019
Updated: Apr 13, 2023
CVE: CVE-2018-13383
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.5
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:N/A:P

CWEs:

CWE-787

Affected Software
References

Software	From	Fixed in
fortinet / fortiproxy	2.0.0	2.0.0.x
fortinet / fortiproxy	-	1.2.9
fortinet / fortios	6.0.0	6.0.5
fortinet / fortios	5.2.0	5.2.15
fortinet / fortios	5.4.0	5.4.13
fortinet / fortios	5.6.0	5.6.11

https://fortiguard.com/advisory/FG-IR-18-388
https://fortiguard.com/advisory/FG-IR-20-229

Vulnerability Database

289,784

CVE-2018-13383