CVE-2018-13375
CVE-2018-13375 is a vulnerability of currently unknown severity. An Improper Neutralization of Script-Related HTML Tags in Fortinet FortiAnalyzer 5.6.0 and below and FortiManager 5.6.0 and below allows an attacker to send a DHCP request containing malicious scripts in the HOSTNAME parameter. The malicious script code is executed while viewing the logs in FortiAnalyzer and FortiManager (with FortiAnalyzer feature enabled). EPSS estimates a 0.65% chance of exploitation in the next 30 days.
Description
An Improper Neutralization of Script-Related HTML Tags in Fortinet FortiAnalyzer 5.6.0 and below and FortiManager 5.6.0 and below allows an attacker to send a DHCP request containing malicious scripts in the HOSTNAME parameter. The malicious script code is executed while viewing the logs in FortiAnalyzer and FortiManager (with FortiAnalyzer feature enabled).
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Fortinet | FortiAnalyzer | <= 5.6.0 |
| Fortinet | FortiManager | <= 5.6.0 |
References
- https://fortiguard.com/advisory/FG-IR-18-121 (Vendor Advisory)
Source: NVD / NIST
