AI description
CVE-2018-13374 is an improper access control vulnerability that affects Fortinet FortiOS and FortiADC. The vulnerability allows an attacker to obtain the LDAP server login credentials configured in FortiGate. This is achieved by pointing an LDAP server connectivity test request to a rogue LDAP server instead of the configured one. The vulnerability affects FortiOS versions 6.0.2, 5.6.7 and before, and FortiADC versions 6.1.0, 6.0.0 to 6.0.1, and 5.4.0 to 5.4.4.
- Description
- An Improper Access Control in Fortinet FortiOS 6.0.2, 5.6.7 and before, FortiADC 6.1.0, 6.0.0 to 6.0.1, 5.4.0 to 5.4.4 allows an attacker to obtain the LDAP server login credentials configured in FortiGate via pointing an LDAP server connectivity test request to a rogue LDAP server instead of the configured one.
- Source
- psirt@fortinet.com
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 4.3
- Impact score
- 1.4
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 4
- Impact score
- 2.9
- Exploitability score
- 8
- Vector string
- AV:N/AC:L/Au:S/C:P/I:N/A:N
Data from CISA
- Vulnerability name
- Fortinet FortiOS and FortiADC Improper Access Control Vulnerability
- Exploit added on
- Sep 8, 2022
- Exploit action due
- Sep 29, 2022
- Required action
- Apply updates per vendor instructions.
- Hype score
- Not currently trending
Ransomware vulns with highest exploit likelihood ⬆️ (past 30d):
- CVE-2025-53770 (SharePoint..) +426.22%
- CVE-2024-42057 (Zyxel Firewall..) +29.73%
- CVE-2021-21974 (ESXi..) +25.27%
- CVE-2018-13374 (FortiOS..) +15.68%
- CVE-2020-3259 (ASA..) +11.25%
@DefusedCyber
1 Sept 2025
Ransomware vulns with highest exploit likelihood ⬆️ (past 30d):
- CVE-2025-53770 (SharePoint..) +3700.00%
- CVE-2019-6693 (FortiOS..) +159.30%
- CVE-2019-5591 (FortiOS..) +44.14%
- CVE-2024-42057 (Zyxel Firewall..) +33.61%
- CVE-2018-13374 (FortiOS..) +30.01%
@DefusedCyber
23 Jul 2025
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7FE3819E-9A44-450F-A461-C8C98C4EA37C",
            "versionEndExcluding": "5.4.5",
            "versionStartIncluding": "5.4.0"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8C5CDC2B-23F8-4023-AC68-155C274F900E",
            "versionEndExcluding": "6.0.2",
            "versionStartIncluding": "6.0.0"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortiadc:6.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "028E15CD-B5F9-4376-9758-78D131103BF1"
          },
          {
            "criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "93254072-D30A-4BF8-9AB5-40DF2C2D5507",
            "versionEndExcluding": "6.0.3"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]