CVE-2018-13383

CVE Database · CVE-2018-13383

CVE-2018-13383

· MEDIUMAnalyzed

CVSS v3.1

4.3

EPSS

33.65%

Published

May 29, 2019

Modified

Oct 24, 2025

CISA Known Exploited Vulnerability

Added: 2022-01-10 · Due: 2022-07-10

Apply updates per vendor instructions.

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A heap buffer overflow in Fortinet FortiOS 6.0.0 through 6.0.4, 5.6.0 through 5.6.10, 5.4.0 through 5.4.12, 5.2.14 and earlier and FortiProxy 2.0.0, 1.2.8 and earlier in the SSL VPN web portal may cause the SSL VPN web service termination for logged in users due to a failure to properly handle javascript href data when proxying webpages.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Weaknesses (CWE)

CWE-787CWE-787

Affected Products (6)

fortinet · fortiproxy (up to 1.2.9)vulnerable

fortinet · fortiproxyvulnerable

fortinet · fortios (up to 5.2.15)vulnerable

fortinet · fortios (up to 5.4.13)vulnerable

fortinet · fortios (up to 5.6.11)vulnerable

fortinet · fortios (up to 6.0.5)vulnerable

References (5)