cvelist/2018/13xxx/CVE-2018-13382.json

{
    "data_type": "CVE",
    "data_format": "MITRE",
    "data_version": "4.0",
    "CVE_data_meta": {
        "ID": "CVE-2018-13382",
        "ASSIGNER": "psirt@fortinet.com",
        "STATE": "PUBLIC"
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "vendor_name": "Fortinet",
                    "product": {
                        "product_data": [
                            {
                                "product_name": "Fortinet FortiOS, FortiProxy",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_value": "FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.8, 5.4.1 to 5.4.10, FortiProxy 2.0.0, 1.2.0 to 1.2.8,  1.1.0 to 1.1.6, 1.0.0 to 1.0.7"
                                        }
                                    ]
                                }
                            }
                        ]
                    }
                }
            ]
        }
    },
    "impact": {
        "cvss": {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "availabilityImpact": "None",
            "baseScore": 8.9,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "userInteraction": "None",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
        }
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "Improper Access Control"
                    }
                ]
            }
        ]
    },
    "references": {
        "reference_data": [
            {
                "refsource": "CONFIRM",
                "name": "https://fortiguard.com/advisory/FG-IR-18-389",
                "url": "https://fortiguard.com/advisory/FG-IR-18-389"
            },
            {
                "refsource": "CONFIRM",
                "name": "https://www.fortiguard.com/psirt/FG-IR-20-231",
                "url": "https://www.fortiguard.com/psirt/FG-IR-20-231"
            }
        ]
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "An Improper Authorization vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.8 and 5.4.1 to 5.4.10 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to modify the password of an SSL VPN web portal user via specially crafted HTTP requests"
            }
        ]
    }
}
- Synchronized data. 2018-07-06 10:04:23 -04:00			`{`
"-Synchronized-Data." 2019-06-04 21:00:48 +00:00			`"data_type": "CVE",`
			`"data_format": "MITRE",`
			`"data_version": "4.0",`
"-Synchronized-Data." 2019-03-18 00:16:36 +00:00			`"CVE_data_meta": {`
			`"ID": "CVE-2018-13382",`
"-Synchronized-Data." 2019-06-04 21:00:48 +00:00			`"ASSIGNER": "psirt@fortinet.com",`
			`"STATE": "PUBLIC"`
			`},`
			`"affects": {`
			`"vendor": {`
			`"vendor_data": [`
			`{`
			`"vendor_name": "Fortinet",`
			`"product": {`
			`"product_data": [`
			`{`
Commit CVE-2018-13382 2021-06-02 15:46:14 +02:00			`"product_name": "Fortinet FortiOS, FortiProxy",`
"-Synchronized-Data." 2019-06-04 21:00:48 +00:00			`"version": {`
			`"version_data": [`
			`{`
Commit CVE-2018-13382 2021-06-02 15:46:14 +02:00			`"version_value": "FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.8, 5.4.1 to 5.4.10, FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7"`
"-Synchronized-Data." 2019-06-04 21:00:48 +00:00			`}`
			`]`
			`}`
			`}`
			`]`
			`}`
			`}`
			`]`
			`}`
			`},`
Commit CVE-2018-13382 2021-06-02 15:46:14 +02:00			`"impact": {`
			`"cvss": {`
			`"attackComplexity": "Low",`
			`"attackVector": "Network",`
			`"availabilityImpact": "None",`
			`"baseScore": 8.9,`
			`"baseSeverity": "High",`
			`"confidentialityImpact": "High",`
			`"integrityImpact": "High",`
			`"privilegesRequired": "None",`
			`"scope": "Unchanged",`
			`"userInteraction": "None",`
			`"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",`
			`"version": "3.1"`
			`}`
			`},`
"-Synchronized-Data." 2019-06-04 21:00:48 +00:00			`"problemtype": {`
			`"problemtype_data": [`
			`{`
			`"description": [`
			`{`
			`"lang": "eng",`
			`"value": "Improper Access Control"`
			`}`
			`]`
			`}`
			`]`
			`},`
			`"references": {`
			`"reference_data": [`
			`{`
			`"refsource": "CONFIRM",`
			`"name": "https://fortiguard.com/advisory/FG-IR-18-389",`
			`"url": "https://fortiguard.com/advisory/FG-IR-18-389"`
"-Synchronized-Data." 2019-06-11 17:00:47 +00:00			`},`
			`{`
Commit CVE-2018-13382 2021-06-02 15:46:14 +02:00			`"refsource": "CONFIRM",`
			`"name": "https://www.fortiguard.com/psirt/FG-IR-20-231",`
			`"url": "https://www.fortiguard.com/psirt/FG-IR-20-231"`
"-Synchronized-Data." 2019-06-04 21:00:48 +00:00			`}`
			`]`
"-Synchronized-Data." 2019-03-18 00:16:36 +00:00			`},`
			`"description": {`
			`"description_data": [`
			`{`
			`"lang": "eng",`
"-Synchronized-Data." 2021-06-03 11:00:53 +00:00			`"value": "An Improper Authorization vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.8 and 5.4.1 to 5.4.10 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to modify the password of an SSL VPN web portal user via specially crafted HTTP requests"`
"-Synchronized-Data." 2019-03-18 00:16:36 +00:00			`}`
			`]`
			`}`
			`}`