PT-2019-6312 · Fortinet · FortiADC, FortiOS

Published: 2019-01-22 · Updated: 2025-10-24 · CVE-2018-13374

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Fortinet FortiOS versions 5.4.0 through 5.6.7
Fortinet FortiOS versions 6.0.0 through 6.0.2
Fortinet FortiADC versions 5.4.0 through 6.1.0

Description

An improper access control issue exists in Fortinet FortiOS and FortiADC. The issue allows an attacker to obtain the LDAP server login credentials configured in FortiGate by directing an LDAP server connectivity test request to a rogue LDAP server instead of the configured one. Read-only administrators can also exploit this issue.

Recommendations

Fortinet FortiOS versions 5.4.0 through 5.6.7: Update to a newer, fixed version.
Fortinet FortiOS versions 6.0.0 through 6.0.2: Update to a newer, fixed version.
Fortinet FortiADC versions 5.4.0 through 6.1.0: Update to a newer, fixed version.

Exploit

Fix

Incorrect Permission

Weakness Enumeration

Related Identifiers

BDU:2023-00723
CVE-2018-13374

Affected Products

FortiADC
FortiOS