Auto-merge PR#1893

2025-08-04 08:44:25 +00:00 · 2021-06-03 06:30:27 -04:00 · 2021-06-03 06:30:27 -04:00 · 7c77b9944f
commit 7c77b9944f
parent 8b23158ecf db2aa9b92e
1 changed files with 32 additions and 21 deletions
--- a/2018/13xxx/CVE-2018-13374.json
+++ b/2018/13xxx/CVE-2018-13374.json
@ -1,42 +1,50 @@
 {
+    "data_type": "CVE",
+    "data_format": "MITRE",
+    "data_version": "4.0",
    "CVE_data_meta": {
-        "ASSIGNER": "psirt@fortinet.com",
        "ID": "CVE-2018-13374",
+        "ASSIGNER": "psirt@fortinet.com",
        "STATE": "PUBLIC"
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
+                    "vendor_name": "Fortinet",
                    "product": {
                        "product_data": [
                            {
-                                "product_name": "Fortinet FortiOS",
+                                "product_name": "Fortinet FortiOS, fortiADC",
                                "version": {
                                    "version_data": [
                                        {
-                                            "version_value": "FortiOS 6.0.2, 5.6.7 and below"
+                                            "version_value": "FortiOS 6.0.2, 5.6.7 and before, FortiADC 6.1.0, 6.0.0 to 6.0.1, 5.4.0 to 5.4.4"
                                        }
                                    ]
                                }
                            }
                        ]
-                    },
-                    "vendor_name": "Fortinet"
+                    }
                }
            ]
        }
    },
-    "data_format": "MITRE",
-    "data_type": "CVE",
-    "data_version": "4.0",
-    "description": {
-        "description_data": [
-            {
-                "lang": "eng",
-                "value": "A Improper Access Control in Fortinet FortiOS allows attacker to obtain the LDAP server login credentials configured in FortiGate via pointing a LDAP server connectivity test request to a rogue LDAP server instead of the configured one."
-            }
-        ]
+    "impact": {
+        "cvss": {
+            "attackComplexity": "Low",
+            "attackVector": "Network",
+            "availabilityImpact": "None",
+            "baseScore": 4.2,
+            "baseSeverity": "Medium",
+            "confidentialityImpact": "Low",
+            "integrityImpact": "None",
+            "privilegesRequired": "Low",
+            "scope": "Unchanged",
+            "userInteraction": "None",
+            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
+            "version": "3.1"
+        }
    },
    "problemtype": {
        "problemtype_data": [
@ -53,15 +61,18 @@
    "references": {
        "reference_data": [
            {
-                "name": "46171",
-                "refsource": "EXPLOIT-DB",
-                "url": "https://www.exploit-db.com/exploits/46171/"
-            },
-            {
-                "name": "https://fortiguard.com/advisory/FG-IR-18-157",
                "refsource": "CONFIRM",
+                "name": "https://fortiguard.com/advisory/FG-IR-18-157",
                "url": "https://fortiguard.com/advisory/FG-IR-18-157"
            }
        ]
+    },
+    "description": {
+        "description_data": [
+            {
+                "lang": "eng",
+                "value": "A Improper Access Control in Fortinet FortiOS 6.0.2, 5.6.7 and before, FortiADC 6.1.0, 6.0.0 to 6.0.1, 5.4.0 to 5.4.4 allows attacker to obtain the LDAP server login credentials configured in FortiGate via pointing a LDAP server connectivity test request to a rogue LDAP server instead of the configured one."
+            }
+        ]
    }
 }