← ExploitWatch
HomeExploited Vulnerabilities

CVE-2018-13382 — Actively Exploited: FortiOS and FortiProxy (Fortinet)

An Improper Authorization vulnerability in Fortinet FortiOS and FortiProxy under SSL VPN web portal allows an unauthenticated attacker to modify the password.

CVE IDCVE-2018-13382
VendorFortinet
ProductFortiOS and FortiProxy
Vulnerability nameFortinet FortiOS and FortiProxy Improper Authorization
Date added2022-01-10
Remediation due2022-07-10
Known ransomware useKnown
Required actionApply updates per vendor instructions.
DescriptionAn Improper Authorization vulnerability in Fortinet FortiOS and FortiProxy under SSL VPN web portal allows an unauthenticated attacker to modify the password.
SourceCISA Known Exploited Vulnerabilities

🔍 Search all exploited vulnerabilities →