{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-02T00:49:49.583","vulnerabilities":[{"cve":{"id":"CVE-2018-13382","sourceIdentifier":"psirt@fortinet.com","published":"2019-06-04T21:29:00.373","lastModified":"2025-10-24T12:52:57.843","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"An Improper Authorization vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.8 and 5.4.1 to 5.4.10 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to modify the password of an SSL VPN web portal user via specially crafted HTTP requests"},{"lang":"es","value":"Una vulnerabilidad de autorización inadecuada en Fortinet FortiOS versiones 6.0.0 a 6.0.4, 5.6.0 a 5.6.8 y 5.4.1 a 5.4.10 y FortiProxy versiones 2.0.0, 1.2.0 a 1.2.8, 1.1.0 a 1.1.6, 1.0.0 a 1.0.7 en el portal web SSL VPN permite a un atacante no autenticado modificar la contraseña de un usuario del portal web SSL VPN a través de peticiones HTTP especialmente diseñadas"}],"metrics":{"cvssMetricV31":[{"source":"psirt@fortinet.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"cisaExploitAdd":"2022-01-10","cisaActionDue":"2022-07-10","cisaRequiredAction":"Apply updates per vendor instructions.","cisaVulnerabilityName":"Fortinet FortiOS and FortiProxy Improper Authorization","weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-863"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-863"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*","versionEndExcluding":"1.2.9","matchCriteriaId":"4B47708E-8A92-4767-8685-49C3143D0920"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiproxy:2.0.0:*:*:*:*:*:*:*","matchCriteriaId":"F3DD97EA-92AD-4EB1-B731-261F40BFC4BB"},{"vulnerable":true,"criteria":"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*","versionStartIncluding":"5.4.1","versionEndExcluding":"5.4.11","matchCriteriaId":"250C33C2-29AD-4B75-BF05-E7256B4A5B54"},{"vulnerable":true,"criteria":"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*","versionStartIncluding":"5.6.0","versionEndExcluding":"5.6.9","matchCriteriaId":"7A60D8EF-E47F-45A9-8E40-0169609D9B7B"},{"vulnerable":true,"criteria":"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0.0","versionEndExcluding":"6.0.5","matchCriteriaId":"D37F1481-E7A7-4428-89C9-5DF9D206D056"}]}]}],"references":[{"url":"https://fortiguard.com/advisory/FG-IR-18-389","source":"psirt@fortinet.com","tags":["Vendor Advisory"]},{"url":"https://www.fortiguard.com/psirt/FG-IR-20-231","source":"psirt@fortinet.com","tags":["Vendor Advisory"]},{"url":"https://fortiguard.com/advisory/FG-IR-18-389","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://www.fortiguard.com/psirt/FG-IR-20-231","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-13382","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["US Government Resource"]}]}}]}