External risk intelligence

Fortinet FortiOS and FortiADC Credential Disclosure Vulnerability

CVE advisoryKnown Exploit

CVE-2018-13374

A vulnerability in Fortinet products may allow an attacker to obtain LDAP server login credentials. This could lead to unauthorized access to sensitive information and systems, posing a business risk of data breach and further compromise. Organizations should identify and secure affected systems.

2Halo Surface Signal

Fortinet Fortiadc

5.4.0 to before 5.4.56.0.0 to before 6.0.26.1.0before 6.0.3

External exposure likelihood

Halo Surface Signal score for CVE-2018-13374

The vulnerability involves an LDAP server connectivity test function within FortiGate and FortiADC appliances. While these devices are often internet-facing, this specific administrative test function is typically used by internal administrators and is not a standard service exposed to the public internet in normal operation.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Horizon Alert

Summary of the vulnerability and why it matters

The identified vulnerability affects Fortinet's FortiOS and FortiADC products. A flaw in access control allows an attacker to trick the system into revealing configured LDAP server login credentials. This could lead to unauthorized access to sensitive user information.

  • Vulnerable Fortinet products
  • Improper access control flaw
  • Disclosure of LDAP credentials

Attack Path

How an attacker could exploit the issue

This vulnerability impacts organizations using specific versions of Fortinet FortiOS and FortiADC. An attacker could exploit this to gain access to sensitive LDAP server login credentials. This could lead to further compromise of systems and data that rely on these credentials for authentication. The business risk involves unauthorized access to network resources and potential data breaches.

  • External network exposure required.
  • Attacker accesses credentials.
  • Triggering LDAP test leads to control.

Live Threat

Current exploitation, exposure, and threat context

The described vulnerability could allow an attacker to obtain sensitive LDAP credentials. Exploitation requires an attacker to interact with a specific administrative test function. The potential for credential compromise presents a business risk, as these credentials could be used for further unauthorized access.

  • Low attacker skill level required.
  • Access to the administrative interface is needed.
  • Business risk is moderate.

Priority actions

Operational Fix

Recommended remediation, mitigation, and detection steps

This vulnerability may allow an attacker to obtain sensitive credentials. An organization should take immediate action to identify and secure affected systems to mitigate business risk.

  • Find affected Fortinet assets.
  • Reduce exposure or isolate risk.
  • Fix, verify, and monitor.

Frequently asked questions

What are Fortinet FortiOS and FortiADC?

FortiOS is the operating system for FortiGate firewalls, providing network security functions such as firewalls and VPNs. FortiADC is a product designed for load balancing. Both are utilized by organizations for network management and security.

What is the weakness in CVE-2018-13374?

CVE-2018-13374 involves an improper access control vulnerability. This weakness permits an attacker to acquire sensitive LDAP server login credentials configured within FortiGate by redirecting a LDAP server connectivity test request to a rogue server.

How can an attacker exploit CVE-2018-13374?

An attacker can exploit this vulnerability by directing a LDAP server connectivity test request to a rogue LDAP server instead of the one configured on the FortiGate, thereby obtaining the credentials.

What is the relevance of the Halo Surface Signal for CVE-2018-13374?

The Halo Surface Signal indicates this vulnerability is unlikely to be exploited externally. The vulnerability relies on an administrative test function, typically not exposed publicly, making it less probable for external attackers to trigger.

What steps should an organization take regarding this vulnerability?

Organizations should identify all affected Fortinet assets, reduce or isolate any associated risks, and apply necessary fixes. Verification and ongoing monitoring are crucial after remediation to ensure security.

References

Sources and related resources

Primary sources: NVD, CVE.org, CISA KEV.

NVDPublished Modified