Commit CVE-2018-13374

2025-05-06 02:32:02 +00:00 · 2021-06-02 15:43:25 +02:00 · 2021-06-02 15:43:25 +02:00 · db2aa9b92e
commit db2aa9b92e
parent 83662755ef
1 changed files with 32 additions and 21 deletions
--- a/2018/13xxx/CVE-2018-13374.json
+++ b/2018/13xxx/CVE-2018-13374.json
@ -1,42 +1,50 @@
 {
+    "data_type": "CVE",
+    "data_format": "MITRE",
+    "data_version": "4.0",
    "CVE_data_meta": {
-        "ASSIGNER": "psirt@fortinet.com",
        "ID": "CVE-2018-13374",
+        "ASSIGNER": "psirt@fortinet.com",
        "STATE": "PUBLIC"
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
+                    "vendor_name": "Fortinet",
                    "product": {
                        "product_data": [
                            {
-                                "product_name": "Fortinet FortiOS",
+                                "product_name": "Fortinet FortiOS, fortiADC",
                                "version": {
                                    "version_data": [
                                        {
-                                            "version_value": "FortiOS 6.0.2, 5.6.7 and below"
+                                            "version_value": "FortiOS 6.0.2, 5.6.7 and before, FortiADC 6.1.0, 6.0.0 to 6.0.1, 5.4.0 to 5.4.4"
                                        }
                                    ]
                                }
                            }
                        ]
-                    },
-                    "vendor_name": "Fortinet"
+                    }
                }
            ]
        }
    },
-    "data_format": "MITRE",
-    "data_type": "CVE",
-    "data_version": "4.0",
-    "description": {
-        "description_data": [
-            {
-                "lang": "eng",
-                "value": "A Improper Access Control in Fortinet FortiOS allows attacker to obtain the LDAP server login credentials configured in FortiGate via pointing a LDAP server connectivity test request to a rogue LDAP server instead of the configured one."
-            }
-        ]
+    "impact": {
+        "cvss": {
+            "attackComplexity": "Low",
+            "attackVector": "Network",
+            "availabilityImpact": "None",
+            "baseScore": 4.2,
+            "baseSeverity": "Medium",
+            "confidentialityImpact": "Low",
+            "integrityImpact": "None",
+            "privilegesRequired": "Low",
+            "scope": "Unchanged",
+            "userInteraction": "None",
+            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
+            "version": "3.1"
+        }
    },
    "problemtype": {
        "problemtype_data": [
@ -53,15 +61,18 @@
    "references": {
        "reference_data": [
            {
-                "name": "46171",
-                "refsource": "EXPLOIT-DB",
-                "url": "https://www.exploit-db.com/exploits/46171/"
-            },
-            {
-                "name": "https://fortiguard.com/advisory/FG-IR-18-157",
                "refsource": "CONFIRM",
+                "name": "https://fortiguard.com/advisory/FG-IR-18-157",
                "url": "https://fortiguard.com/advisory/FG-IR-18-157"
            }
        ]
+    },
+    "description": {
+        "description_data": [
+            {
+                "lang": "eng",
+                "value": "A Improper Access Control in Fortinet FortiOS 6.0.2, 5.6.7 and before, FortiADC 6.1.0, 6.0.0 to 6.0.1, 5.4.0 to 5.4.4 allows attacker to obtain the LDAP server login credentials configured in FortiGate via pointing a LDAP server connectivity test request to a rogue LDAP server instead of the configured one."
+            }
+        ]
    }
 }