From db2aa9b92e5f5c5e8816ad857e03b965053d0134 Mon Sep 17 00:00:00 2001
From: Fortinet PSIRT Team
Date: Wed, 2 Jun 2021 15:43:25 +0200
Subject: [PATCH] Commit CVE-2018-13374
---
 2018/13xxx/CVE-2018-13374.json | 53 ++++++++++++++++++++--------------
 1 file changed, 32 insertions(+), 21 deletions(-)
diff --git a/2018/13xxx/CVE-2018-13374.json b/2018/13xxx/CVE-2018-13374.json
index 0c65f24e5a4..f48c46921df 100644
--- a/2018/13xxx/CVE-2018-13374.json
+++ b/2018/13xxx/CVE-2018-13374.json
@@ -1,42 +1,50 @@
 {
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
 "CVE_data_meta": {
- "ASSIGNER": "psirt@fortinet.com",
 "ID": "CVE-2018-13374",
+ "ASSIGNER": "psirt@fortinet.com",
 "STATE": "PUBLIC"
 },
 "affects": {
 "vendor": {
 "vendor_data": [
 {
+ "vendor_name": "Fortinet",
 "product": {
 "product_data": [
 {
- "product_name": "Fortinet FortiOS",
+ "product_name": "Fortinet FortiOS, fortiADC",
 "version": {
 "version_data": [
 {
- "version_value": "FortiOS 6.0.2, 5.6.7 and below"
+ "version_value": "FortiOS 6.0.2, 5.6.7 and before, FortiADC 6.1.0, 6.0.0 to 6.0.1, 5.4.0 to 5.4.4"
 }
 ]
 }
 }
 ]
- },
- "vendor_name": "Fortinet"
+ }
 }
 ]
 }
 },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
- "description": {
- "description_data": [
- {
- "lang": "eng",
- "value": "A Improper Access Control in Fortinet FortiOS allows attacker to obtain the LDAP server login credentials configured in FortiGate via pointing a LDAP server connectivity test request to a rogue LDAP server instead of the configured one."
- }
- ]
+ "impact": {
+ "cvss": {
+ "attackComplexity": "Low",
+ "attackVector": "Network",
+ "availabilityImpact": "None",
+ "baseScore": 4.2,
+ "baseSeverity": "Medium",
+ "confidentialityImpact": "Low",
+ "integrityImpact": "None",
+ "privilegesRequired": "Low",
+ "scope": "Unchanged",
+ "userInteraction": "None",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
+ "version": "3.1"
+ }
 },
 "problemtype": {
 "problemtype_data": [
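Review bot: The added `"baseScore": 4.2` does not agree with the added `vectorString`: under the CVSS 3.1 base formula, `AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N` works out to 4.3, so any consumer that recomputes the score from the vector will disagree with the record. If 4.2 is meant as a temporal score (nothing in the hunk says so), the vector should carry the temporal metrics that produce it; otherwise the line should read `"baseScore": 4.3,`. Separately, `"product_name": "Fortinet FortiOS, fortiADC"` packs two products and all their version ranges into one free-text entry, and spells FortiADC differently from the `version_value` string next to it. One `product_data` entry per product, each with its own `version_data`, would let scanners and asset inventories match on the record instead of parsing prose.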
@@ -53,15 +61,18 @@
 "references": {
 "reference_data": [
 {
- "name": "46171",
- "refsource": "EXPLOIT-DB",
- "url": "https://www.exploit-db.com/exploits/46171/"
- },
- {
- "name": "https://fortiguard.com/advisory/FG-IR-18-157",
 "refsource": "CONFIRM",
+ "name": "https://fortiguard.com/advisory/FG-IR-18-157",
 "url": "https://fortiguard.com/advisory/FG-IR-18-157"
 }
 ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A Improper Access Control in Fortinet FortiOS 6.0.2, 5.6.7 and before, FortiADC 6.1.0, 6.0.0 to 6.0.1, 5.4.0 to 5.4.4 allows attacker to obtain the LDAP server login credentials configured in FortiGate via pointing a LDAP server connectivity test request to a rogue LDAP server instead of the configured one."
+ }
+ ]
 }
 }
\ No newline at end of file
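Review bot: The rewritten `reference_data` keeps only the vendor advisory, so the record loses its one third-party reference, the entry with `"refsource": "EXPLOIT-DB"` and `"name": "46171"`. Downstream triage and prioritisation tooling reads that refsource as the signal that the issue is publicly documented outside the vendor, so dropping it makes the record look less urgent to defenders than it did before. Unless the removal is deliberate, keep that entry next to the CONFIRM one. In the re-added `description`, the affected list now names FortiADC while the sentence still says the credentials are "configured in FortiGate", and it opens with "A Improper Access Control". If FortiADC is affected in the same way, wording along the lines of `An improper access control vulnerability in Fortinet FortiOS ... and FortiADC ...` that names both products would be more accurate.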