PT-2018-2863 · Fortinet · FortiOS

Published 2018-11-22 · Updated 2019-10-03 · CVE-2018-13376

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Fortinet FortiOS versions 5.2 through 5.6.3
Fortinet FortiOS versions 5.4.6 through 5.4.7

Description

The issue is related to an uninitialized memory buffer leak in the web proxy's disclaimer response web pages. This could potentially cause sensitive data to be displayed in the HTTP response. The vulnerability is associated with resource management errors, which could allow a remote attacker to disclose protected information.

Recommendations

For Fortinet FortiOS versions 5.2 through 5.6.3, consider disabling the web proxy's disclaimer response web pages until a patch is available. For Fortinet FortiOS versions 5.4.6 through 5.4.7, restrict access to the web proxy to minimize the risk of exploitation. As a temporary workaround, avoid using the web proxy's disclaimer response web pages in Fortinet FortiOS until the issue is resolved.

Weakness Enumeration

Related Identifiers

BDU:2019-02389
CVE-2018-13376

Affected Products

FortiOS