CVE Tracker

CVE ID	Severity	EPSS	Vendor	Description	Date	Status
CVE-2018-13374	High	3.8%	FortinetFortiOS and FortiADC	Fortinet FortiOS and FortiADC contain an improper access control vulnerability that allows attackers to obtain the LDAP server login credentials configured in FortiGate by pointing a LDAP server connectivity test request to a rogue LDAP server.	Sep 8, 2022	KEV
CVE-2018-13383	High	1.3%	FortinetFortiOS and FortiProxy	A heap buffer overflow in Fortinet FortiOS and FortiProxy may cause the SSL VPN web service termination for logged in users.	Jan 10, 2022	KEV
CVE-2018-13382	High	86.1%	FortinetFortiOS and FortiProxy	An Improper Authorization vulnerability in Fortinet FortiOS and FortiProxy under SSL VPN web portal allows an unauthenticated attacker to modify the password.	Jan 10, 2022	KEV
CVE-2021-44168	High	1.4%	FortinetFortiOS	Fortinet FortiOS "execute restore src-vis" downloads code without integrity checking, allowing an attacker to arbitrarily download files.	Dec 10, 2021	KEV
CVE-2019-5591	High	48.4%	FortinetFortiOS	Fortinet FortiOS contains a default configuration vulnerability that may allow an unauthenticated attacker on the same subnet to intercept sensitive information by impersonating the Lightweight Directory Access Protocol (LDAP) server.	Nov 3, 2021	KEV
CVE-2018-13379	High 9.1	94.5%	fortinetFortiOS	Fortinet FortiOS SSL VPN web portal contains a path traversal vulnerability that may allow an unauthenticated attacker to download FortiOS system files through specially crafted HTTP resource requests.	Nov 3, 2021	KEV
CVE-2020-12812	High	47.0%	FortinetFortiOS	Fortinet FortiOS SSL VPN contains an improper authentication vulnerability that may allow a user to login successfully without being prompted for the second factor of authentication (FortiToken) if they change the case in their username.	Nov 3, 2021	KEV

CVE-2018-13374KEV

High

Fortinet FortiOS and FortiADC contain an improper access control vulnerability that allows attackers to obtain the LDAP server login credentials configured in FortiGate by pointing a LDAP server connectivity test request to a rogue LDAP server.

FortinetEPSS 3.8%

CVE-2018-13383KEV

High

A heap buffer overflow in Fortinet FortiOS and FortiProxy may cause the SSL VPN web service termination for logged in users.

FortinetEPSS 1.3%

CVE-2018-13382KEV

High

An Improper Authorization vulnerability in Fortinet FortiOS and FortiProxy under SSL VPN web portal allows an unauthenticated attacker to modify the password.

FortinetEPSS 86.1%

CVE-2021-44168KEV

High

Fortinet FortiOS "execute restore src-vis" downloads code without integrity checking, allowing an attacker to arbitrarily download files.

FortinetEPSS 1.4%

CVE-2019-5591KEV

High

Fortinet FortiOS contains a default configuration vulnerability that may allow an unauthenticated attacker on the same subnet to intercept sensitive information by impersonating the Lightweight Directory Access Protocol (LDAP) server.

FortinetEPSS 48.4%

CVE-2018-13379KEV

High

Fortinet FortiOS SSL VPN web portal contains a path traversal vulnerability that may allow an unauthenticated attacker to download FortiOS system files through specially crafted HTTP resource requests.

fortinetCVSS 9.1EPSS 94.5%

CVE-2020-12812KEV

High

Fortinet FortiOS SSL VPN contains an improper authentication vulnerability that may allow a user to login successfully without being prompted for the second factor of authentication (FortiToken) if they change the case in their username.

FortinetEPSS 47.0%

1 2