CVE-2018-13376

EUVD-2018-5320
An uninitialized memory buffer leak exists in Fortinet FortiOS 5.6.1 to 5.6.3, 5.4.6 to 5.4.7, 5.2 all versions under web proxy's disclaimer response web pages, potentially causing sensitive data to be displayed in the HTTP response.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 76%
Affected Products (NVD)
VendorProductVersion
fortinetfortios
𝑥
≤ 5.2.12
fortinetfortios
5.4.6 ≤
𝑥
≤ 5.4.7
fortinetfortios
5.6.1 ≤
𝑥
≤ 5.6.3
𝑥
= Vulnerable software versions
References
http://www.securityfocus.com/bid/106036
https://fortiguard.com/advisory/FG-IR-18-325
https://herolab.usd.de/wp-content/uploads/sites/4/2018/12/usd20180031.txt
http://www.securityfocus.com/bid/106036
https://fortiguard.com/advisory/FG-IR-18-325
https://herolab.usd.de/wp-content/uploads/sites/4/2018/12/usd20180031.txt