CVE-2018-13375

CVE Database · CVE-2018-13375

CVE-2018-13375

· N/AModified

CVSS v3.1

N/A

EPSS

0.65%

Published

May 28, 2019

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

An Improper Neutralization of Script-Related HTML Tags in Fortinet FortiAnalyzer 5.6.0 and below and FortiManager 5.6.0 and below allows an attacker to send DHCP request containing malicious scripts in the HOSTNAME parameter. The malicious script code is executed while viewing the logs in FortiAnalyzer and FortiManager (with FortiAnalyzer feature enabled).

Weaknesses (CWE)

CWE-79

Affected Products (2)

fortinet · fortianalyzervulnerable

fortinet · fortimanagervulnerable

References (2)

https://fortiguard.com/advisory/FG-IR-18-121

Vendor Advisory

https://fortiguard.com/advisory/FG-IR-18-121

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs