CVE-2018-13376

An uninitialized memory buffer leak exists in Fortinet FortiOS 5.6.1 to 5.6.3, 5.4.6 to 5.4.7, 5.2 all versions under web proxy's disclaimer response web pages, potentially causing sensitive data to be displayed in the HTTP response.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
fortinetCNA
---
---
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 80%
VendorProductVersion
fortinetfortios
𝑥
≤ 5.2.12
fortinetfortios
5.4.6 ≤
𝑥
≤ 5.4.7
fortinetfortios
5.6.1 ≤
𝑥
≤ 5.6.3
𝑥
= Vulnerable software versions
References
http://www.securityfocus.com/bid/106036
https://fortiguard.com/advisory/FG-IR-18-325
https://herolab.usd.de/wp-content/uploads/sites/4/2018/12/usd20180031.txt
http://www.securityfocus.com/bid/106036
https://fortiguard.com/advisory/FG-IR-18-325
https://herolab.usd.de/wp-content/uploads/sites/4/2018/12/usd20180031.txt