← ExploitWatch
HomeExploited Vulnerabilities

CVE-2018-13374 — Actively Exploited: FortiOS and FortiADC (Fortinet)

Fortinet FortiOS and FortiADC contain an improper access control vulnerability that allows attackers to obtain the LDAP server login credentials configured in FortiGate by pointing a LDAP server connectivity test request to a rogue LDAP server.

CVE IDCVE-2018-13374
VendorFortinet
ProductFortiOS and FortiADC
Vulnerability nameFortinet FortiOS and FortiADC Improper Access Control Vulnerability
Date added2022-09-08
Remediation due2022-09-29
Known ransomware useKnown
Required actionApply updates per vendor instructions.
DescriptionFortinet FortiOS and FortiADC contain an improper access control vulnerability that allows attackers to obtain the LDAP server login credentials configured in FortiGate by pointing a LDAP server connectivity test request to a rogue LDAP server.
SourceCISA Known Exploited Vulnerabilities

🔍 Search all exploited vulnerabilities →