PSIRT Advisories
FortiGate & FortiADC - Read-only admins can obtain the LDAP credentials configured in the FortiGate and FortiADC using the LDAP test connectivity feature
Summary
Read-only admins on FortiGate and FortiADC can point an LDAP server connectivity test request at a rogue LDAP server instead of the configured one, and thereby obtain the LDAP server login credentials configured in the FortiGate.
Affected Products
FortiOS 6.0.2 and below
FortiADC 6.1.0 and below
FortiADC 6.0.1 and below
FortiADC 5.4.4 and below
Solutions
Upgrade to FortiOS 6.0.3 or upcoming 6.2.0
Please upgrade to FortiADC 6.1.1 or above.
Please upgrade to FortiADC 6.0.2 or above.
Please upgrade to FortiADC 5.4.5 or above.