Cyber Resilience

CVE-2018-13374

Medium · CISA KEV · Active Exploitation · EUVD Exploited · Ransomware-linked

Published: 22 January 2019

Modified: 24 October 2025
KEV Added: 08 September 2022
Patch
CVSS Score v3.1: 4.3 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)
EPSS Score: 0.0337 (87.6th percentile)
Risk Priority: 31 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2018-13374 is a medium-severity Incorrect Permission Assignment for Critical Resource (CWE-732) vulnerability in Fortinet FortiADC. Its CVSS base score is 4.3 (Medium).

Operationally, it ranks in the top 12.4% of CVEs by exploit likelihood (EPSS), and CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-4 (Information Flow Enforcement).

Deeper analysis

CVE-2018-13374 is an improper access control vulnerability (CWE-732) affecting Fortinet FortiOS versions 6.0.2, 5.6.7 and earlier as well as FortiADC versions 6.1.0, 6.0.0–6.0.1, and 5.4.0–5.4.4. The flaw resides in the LDAP server connectivity test functionality and permits an authenticated user to obtain the login credentials configured for an LDAP server in FortiGate by redirecting the test request to an attacker-controlled rogue LDAP server.

An attacker with low privileges can exploit the issue over the network with low attack complexity. By supplying a malicious LDAP server address during the connectivity test, the attacker receives the clear-text credentials that FortiGate would otherwise use to bind to the legitimate LDAP directory, resulting in partial disclosure of sensitive configuration data without requiring user interaction.

The FortiGuard advisory FG-IR-18-157 addresses the issue and is referenced in CISA’s Known Exploited Vulnerabilities catalog, indicating confirmed in-the-wild exploitation. Organizations are advised to apply the patches or configuration updates published in the advisory to prevent credential exposure.

EU & UK References

Vulnerability details

An Improper Access Control in Fortinet FortiOS 6.0.2, 5.6.7 and before, FortiADC 6.1.0, 6.0.0 to 6.0.1, 5.4.0 to 5.4.4 allows an attacker to obtain the LDAP server login credentials configured in FortiGate via pointing an LDAP server connectivity test request to a rogue LDAP server instead of the configured one.

CWE(s): CWE-732 (Incorrect Permission Assignment for Critical Resource)
KEV Date Added: 08 September 2022

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

- fortinet / fortiadc: 6.1.0 · 5.4.0 — 5.4.5 · 6.0.0 — 6.0.2
- fortinet / fortios: ≤ 6.0.3

Mitigating Controls (NIST 800-53 r5) [AI]

- prevent: Directly enforces approved authorizations on the LDAP connectivity test function so that low-privilege users cannot redirect it to a rogue server and obtain stored bind credentials.
- prevent: Limits the set of users permitted to invoke the LDAP test operation, reducing the population that can trigger credential disclosure.
- prevent: Enforces information-flow rules that would block transmission of LDAP bind credentials to an unapproved (rogue) destination address.
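To make the CWE-732 pattern from the analysis above and the AC-3 / AC-4 controls concrete, here is an added illustrative model in Python. It is not code from this page, from Fortinet, or from the advisory, and it does not reproduce FortiOS internals: it models a generic "LDAP connectivity test" function in two shapes, the weak one in which any authenticated caller names the target host and the stored bind credential is sent there, and the hardened one in which the function checks the caller's authorization (AC-3) and takes the destination only from the stored server profile (AC-4). It also includes a defender-side check over constructed audit records that flags tests whose requested host differs from the configured one. All names, the profile, the placeholder credential, the transport, and the audit records are hypothetical constructions.

```python
# Added example, not code from the page or from Fortinet. It models the
# LDAP connectivity-test pattern the page describes (CWE-732) and the
# AC-3 / AC-4 style fix. Every name here is hypothetical.
from dataclasses import dataclass, field


@dataclass
class LdapProfile:
    """A stored LDAP server profile, including the bind credential."""
    name: str
    host: str
    port: int
    bind_dn: str
    bind_password: str


@dataclass
class RecordingTransport:
    """Constructed stand-in for the network: records every bind attempt
    so we can see where the stored credential was sent."""
    sent: list = field(default_factory=list)

    def bind(self, host, port, bind_dn, password):
        self.sent.append({"host": host, "port": port, "dn": bind_dn, "password": password})
        return True


# Constructed configuration; the credential value is an obvious placeholder.
CONFIGURED = {
    "corp-ldap": LdapProfile("corp-ldap", "ldap.example.internal", 636,
                             "cn=svc-bind,dc=example,dc=internal", "PLACEHOLDER-BIND-SECRET"),
}


class AuthorizationError(Exception):
    pass


def connectivity_test_weak(caller_role, profile_name, target_host, target_port, transport):
    """Weak design (the CWE-732 shape the page describes): any authenticated
    caller may name the target, and the stored bind credential is sent there.
    caller_role is accepted but never checked."""
    profile = CONFIGURED[profile_name]
    return transport.bind(target_host, target_port, profile.bind_dn, profile.bind_password)


def connectivity_test_hardened(caller_role, profile_name, transport, allowed_roles=("admin",)):
    """Hardened design.
    AC-3: the test function itself enforces the caller's authorization.
    AC-4: the destination is taken only from the stored profile; the caller
    cannot supply a host, so the credential can flow only to the approved server."""
    if caller_role not in allowed_roles:
        raise AuthorizationError(f"role {caller_role!r} may not run LDAP connectivity tests")
    profile = CONFIGURED[profile_name]
    return transport.bind(profile.host, profile.port, profile.bind_dn, profile.bind_password)


def flag_redirected_tests(audit_records, configured=CONFIGURED):
    """Defender-side check over (constructed) audit records of test requests:
    return the records whose requested host differs from the profile's
    configured host, i.e. the redirection the page describes."""
    flagged = []
    for rec in audit_records:
        profile = configured.get(rec["profile"])
        if profile is None or rec["requested_host"] != profile.host:
            flagged.append(rec)
    return flagged


def run_scenarios():
    """Exercise both designs and return what each did, for inspection."""
    weak = RecordingTransport()
    connectivity_test_weak("read-only", "corp-ldap", "203.0.113.7", 389, weak)

    hardened = RecordingTransport()
    try:
        connectivity_test_hardened("read-only", "corp-ldap", hardened)
        low_priv_blocked = False
    except AuthorizationError:
        low_priv_blocked = True
    connectivity_test_hardened("admin", "corp-ldap", hardened)

    return {
        "weak_credential_sent_to": weak.sent[0]["host"],
        "weak_password_leaked": weak.sent[0]["password"] == CONFIGURED["corp-ldap"].bind_password,
        "hardened_low_priv_blocked": low_priv_blocked,
        "hardened_destinations": [s["host"] for s in hardened.sent],
    }


# Constructed audit sample: one legitimate test and one redirected test.
SAMPLE_AUDIT = [
    {"user": "admin1", "profile": "corp-ldap", "requested_host": "ldap.example.internal"},
    {"user": "helpdesk2", "profile": "corp-ldap", "requested_host": "203.0.113.7"},
]

if __name__ == "__main__":
    print(run_scenarios())
    print(flag_redirected_tests(SAMPLE_AUDIT))
```

The design point is that the hardened function has no parameter through which a caller can name a destination at all: removing the input is a stronger information-flow control than validating it, and the role check on the function itself (rather than only on the surrounding UI) is what AC-3 asks for. The audit check is the corresponding detective control: any test request whose target is not the configured host for that profile is worth an alert, whatever role submitted it.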

References