{"containers": {"cna": {"affected": [{"product": "Fortinet FortiOS and FortiProxy", "vendor": "Fortinet", "versions": [{"status": "affected", "version": "FortiOS 6.0.0 through 6.0.4, 5.6.0 through 5.6.10, 5.4.0 through 5.4.12, 5.2.14 and earlier, FortiProxy 2.0.0, 1.2.8 and earlier"}]}], "datePublic": "2019-04-02T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "A heap buffer overflow in Fortinet FortiOS 6.0.0 through 6.0.4, 5.6.0 through 5.6.10, 5.4.0 through 5.4.12, 5.2.14 and earlier and FortiProxy 2.0.0, 1.2.8 and earlier in the SSL VPN web portal may cause the SSL VPN web service termination for logged in users due to a failure to properly handle javascript href data when proxying webpages."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"description": "Denial of service", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-03-09T16:01:31.000Z", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://fortiguard.com/advisory/FG-IR-18-388"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://fortiguard.com/advisory/FG-IR-20-229"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@fortinet.com", "ID": "CVE-2018-13383", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Fortinet FortiOS and FortiProxy", "version": {"version_data": [{"version_value": "FortiOS 6.0.0 through 6.0.4, 5.6.0 through 5.6.10, 5.4.0 through 5.4.12, 5.2.14 and earlier, FortiProxy 2.0.0, 1.2.8 and earlier"}]}}]}, "vendor_name": "Fortinet"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A heap buffer overflow in Fortinet FortiOS 6.0.0 through 6.0.4, 5.6.0 through 5.6.10, 5.4.0 through 5.4.12, 5.2.14 and earlier and FortiProxy 2.0.0, 1.2.8 and earlier in the SSL VPN web portal may cause the SSL VPN web service termination for logged in users due to a failure to properly handle javascript href data when proxying webpages."}]}, "impact": {"cvss": {"attackComplexity": "Low", "attackVector": "Network", "availabilityImpact": "Low", "baseScore": 4.2, "baseSeverity": "Medium", "confidentialityImpact": "None", "integrityImpact": "None", "privilegesRequired": "Low", "scope": "Unchanged", "userInteraction": "None", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Denial of service"}]}]}, "references": {"reference_data": [{"name": "https://fortiguard.com/advisory/FG-IR-18-388", "refsource": "CONFIRM", "url": "https://fortiguard.com/advisory/FG-IR-18-388"}, {"name": "https://fortiguard.com/advisory/FG-IR-20-229", "refsource": "CONFIRM", "url": "https://fortiguard.com/advisory/FG-IR-20-229"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T09:00:35.101Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://fortiguard.com/advisory/FG-IR-18-388"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://fortiguard.com/advisory/FG-IR-20-229"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2018-13383", "role": "CISA Coordinator", "options": [{"Exploitation": "active"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-23T13:33:02.861324Z"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2022-01-10", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-13383"}}}], "references": [{"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-13383", "tags": ["government-resource"]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write"}]}], "timeline": [{"time": "2022-01-10T00:00:00+00:00", "lang": "en", "value": "CVE-2018-13383 added to CISA KEV"}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-21T23:45:36.261Z"}}]}, "cveMetadata": {"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2018-13383", "datePublished": "2019-05-29T17:20:03.000Z", "dateReserved": "2018-07-06T00:00:00.000Z", "dateUpdated": "2025-10-21T23:45:36.261Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://fortiguard.com/advisory/FG-IR-18-388", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://fortiguard.com/advisory/FG-IR-20-229", "tags": ["x_refsource_CONFIRM", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T09:00:35.101Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2018-13383", "role": "CISA Coordinator", "options": [{"Exploitation": "active"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-23T13:33:02.861324Z"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2022-01-10", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-13383"}}}], "timeline": [{"lang": "en", "time": "2022-01-10T00:00:00+00:00", "value": "CVE-2018-13383 added to CISA KEV"}], "references": [{"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-13383", "tags": ["government-resource"]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-23T13:33:13.440Z"}}], "cna": {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "Fortinet", "product": "Fortinet FortiOS and FortiProxy", "versions": [{"status": "affected", "version": "FortiOS 6.0.0 through 6.0.4, 5.6.0 through 5.6.10, 5.4.0 through 5.4.12, 5.2.14 and earlier, FortiProxy 2.0.0, 1.2.8 and earlier"}]}], "datePublic": "2019-04-02T00:00:00.000Z", "references": [{"url": "https://fortiguard.com/advisory/FG-IR-18-388", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://fortiguard.com/advisory/FG-IR-20-229", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "A heap buffer overflow in Fortinet FortiOS 6.0.0 through 6.0.4, 5.6.0 through 5.6.10, 5.4.0 through 5.4.12, 5.2.14 and earlier and FortiProxy 2.0.0, 1.2.8 and earlier in the SSL VPN web portal may cause the SSL VPN web service termination for logged in users due to a failure to properly handle javascript href data when proxying webpages."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "Denial of service"}]}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2021-03-09T16:01:31.000Z"}, "x_legacyV4Record": {"impact": {"cvss": {"scope": "Unchanged", "version": "3.1", "baseScore": 4.2, "attackVector": "Network", "baseSeverity": "Medium", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "None", "userInteraction": "None", "attackComplexity": "Low", "availabilityImpact": "Low", "privilegesRequired": "Low", "confidentialityImpact": "None"}}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "FortiOS 6.0.0 through 6.0.4, 5.6.0 through 5.6.10, 5.4.0 through 5.4.12, 5.2.14 and earlier, FortiProxy 2.0.0, 1.2.8 and earlier"}]}, "product_name": "Fortinet FortiOS and FortiProxy"}]}, "vendor_name": "Fortinet"}]}}, "data_type": "CVE", "references": {"reference_data": [{"url": "https://fortiguard.com/advisory/FG-IR-18-388", "name": "https://fortiguard.com/advisory/FG-IR-18-388", "refsource": "CONFIRM"}, {"url": "https://fortiguard.com/advisory/FG-IR-20-229", "name": "https://fortiguard.com/advisory/FG-IR-20-229", "refsource": "CONFIRM"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "A heap buffer overflow in Fortinet FortiOS 6.0.0 through 6.0.4, 5.6.0 through 5.6.10, 5.4.0 through 5.4.12, 5.2.14 and earlier and FortiProxy 2.0.0, 1.2.8 and earlier in the SSL VPN web portal may cause the SSL VPN web service termination for logged in users due to a failure to properly handle javascript href data when proxying webpages."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Denial of service"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2018-13383", "STATE": "PUBLIC", "ASSIGNER": "psirt@fortinet.com"}}}}, "cveMetadata": {"cveId": "CVE-2018-13383", "state": "PUBLISHED", "dateUpdated": "2025-10-21T23:45:36.261Z", "dateReserved": "2018-07-06T00:00:00.000Z", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "datePublished": "2019-05-29T17:20:03.000Z", "assignerShortName": "fortinet"}, "dataVersion": "5.1"}

{"cisaActionDue": "2022-07-10", "cisaExploitAdd": "2022-01-10", "cisaRequiredAction": "Apply updates per vendor instructions.", "cisaVulnerabilityName": "Fortinet FortiOS and FortiProxy Out-of-bounds Write", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*", "matchCriteriaId": "4B47708E-8A92-4767-8685-49C3143D0920", "versionEndExcluding": "1.2.9", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortiproxy:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "F3DD97EA-92AD-4EB1-B731-261F40BFC4BB", "vulnerable": true}, {"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", "matchCriteriaId": "5CC2097E-BA3D-4596-B4E4-5FB0DDCAE2FE", "versionEndExcluding": "5.2.15", "versionStartIncluding": "5.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", "matchCriteriaId": "B07B6E15-30AE-44E6-8009-A30FD3E5CCD3", "versionEndExcluding": "5.4.13", "versionStartIncluding": "5.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", "matchCriteriaId": "9093BE81-687C-4CCB-834A-BE49CEE367C5", "versionEndExcluding": "5.6.11", "versionStartIncluding": "5.6.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", "matchCriteriaId": "D37F1481-E7A7-4428-89C9-5DF9D206D056", "versionEndExcluding": "6.0.5", "versionStartIncluding": "6.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A heap buffer overflow in Fortinet FortiOS 6.0.0 through 6.0.4, 5.6.0 through 5.6.10, 5.4.0 through 5.4.12, 5.2.14 and earlier and FortiProxy 2.0.0, 1.2.8 and earlier in the SSL VPN web portal may cause the SSL VPN web service termination for logged in users due to a failure to properly handle javascript href data when proxying webpages."}, {"lang": "es", "value": "Un desbordamiento del b\u00fafer de la pila en Fortinet FortiOS versi\u00f3n 6.0.0 hasta 6.0.4, versi\u00f3n 5.6.0 hasta 5.6.10, versi\u00f3n 5.4.0 hasta 5.4.12, versi\u00f3n 5.2.14 y anteriores y FortiProxy versi\u00f3n 2.0.0, versi\u00f3n 1.2.8 y anteriores en el portal web de SSL VPN puede provocar la finalizaci\u00f3n del servicio web de SSL VPN para los usuarios registrados debido a un fallo en el manejo de los datos href de javascript al proxiar las p\u00e1ginas web"}], "id": "CVE-2018-13383", "lastModified": "2025-10-24T12:54:16.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "psirt@fortinet.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-05-29T18:29:00.693", "references": [{"source": "psirt@fortinet.com", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://fortiguard.com/advisory/FG-IR-18-388"}, {"source": "psirt@fortinet.com", "tags": ["Vendor Advisory"], "url": "https://fortiguard.com/advisory/FG-IR-20-229"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://fortiguard.com/advisory/FG-IR-18-388"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://fortiguard.com/advisory/FG-IR-20-229"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["US Government Resource"], "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-13383"}], "sourceIdentifier": "psirt@fortinet.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-787"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}