CVE-2018-13374

CVE Database · CVE-2018-13374

CVE-2018-13374

· MEDIUMAnalyzed

CVSS v3.1

4.3

EPSS

38.09%

Published

Jan 22, 2019

Modified

Oct 24, 2025

CISA Known Exploited Vulnerability

Added: 2022-09-08 · Due: 2022-09-29

Apply updates per vendor instructions.

Public PoC / Exploit (3)

All weaponized →

Exploit-DBFortinet FortiGate FortiOS < 6.0.3 - LDAP Credential Disclosure TrickestTrickest PoC index GitHub PoCJustjeff211/conti-ransomware-writeup★0

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A Improper Access Control in Fortinet FortiOS 6.0.2, 5.6.7 and before, FortiADC 6.1.0, 6.0.0 to 6.0.1, 5.4.0 to 5.4.4 allows attacker to obtain the LDAP server login credentials configured in FortiGate via pointing a LDAP server connectivity test request to a rogue LDAP server instead of the configured one.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Weaknesses (CWE)

CWE-732CWE-732

Affected Products (4)

fortinet · fortiadc (up to 5.4.5)vulnerable

fortinet · fortiadc (up to 6.0.2)vulnerable

fortinet · fortiadcvulnerable

fortinet · fortios (up to 6.0.3)vulnerable

References (3)

https://fortiguard.com/advisory/FG-IR-18-157

Vendor Advisory

https://fortiguard.com/advisory/FG-IR-18-157

Vendor Advisory

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-13374

US Government Resource

KEV Catalog EPSS Scores Vendors All CVEs