CVE-2018-13374: Fortinet FortiOS and FortiADC Improper Access Control
Fortinet FortiOS and FortiADC Improper Access Control Vulnerability. Fortinet FortiOS and FortiADC contain an improper access control vulnerability that allows attackers to obtain the LDAP server login credentials configured in FortiGate by pointing a LDAP server connectivity test request to a rogue LDAP server.
- CISA KEV-listed (remediation due 2022-09-29)
- used in ransomware campaigns
- EPSS 3.4% (87.6% percentile)