CVE-2018-13383
Published: 29 May 2019
Summary
CVE-2018-13383 is a medium-severity Out-of-bounds Write (CWE-787) vulnerability in Fortinet FortiOS. Its CVSS base score is 4.3 (Medium).
Operationally, it ranks in the top 17.0% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
The vulnerability is a heap buffer overflow, tracked as CWE-787, affecting the SSL VPN web portal component in Fortinet FortiOS versions 6.0.0 through 6.0.4, 5.6.0 through 5.6.10, 5.4.0 through 5.4.12, and 5.2.14 and earlier, as well as FortiProxy versions 2.0.0, 1.2.8 and earlier. It arises from a failure to properly handle JavaScript href data when proxying webpages and is rated 4.3 on CVSS 3.1, with impacts limited to availability.
An authenticated attacker with network access can trigger the flaw to terminate the SSL VPN web service for logged-in users, producing a denial-of-service condition with no user interaction required.
The issue appears in FortiGuard advisories FG-IR-18-388 and FG-IR-20-229, and it is catalogued by CISA among vulnerabilities observed in active exploitation.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2018-5327
Vulnerability details
A heap buffer overflow in Fortinet FortiOS 6.0.0 through 6.0.4, 5.6.0 through 5.6.10, 5.4.0 through 5.4.12, 5.2.14 and earlier and FortiProxy 2.0.0, 1.2.8 and earlier in the SSL VPN web portal may cause the SSL VPN web service termination for logged in users due to a failure to properly handle javascript href data when proxying webpages.
- CWE(s)
- KEV Date Added: 10 January 2022
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly requires timely patching of the heap buffer overflow flaw in the SSL VPN web portal component.
Mandates input validation on JavaScript href data processed by the SSL VPN proxy, eliminating the root cause of the overflow.
Requires memory-protection techniques that can limit the impact of heap overflows and resulting service termination.