CVE-2018-13374
Fortinet / FortiOS and FortiADC
Ransomware campaign
Added 2022-09-08
Due 2022-09-29
Fortinet FortiOS and FortiADC Improper Access Control Vulnerability
Fortinet FortiOS and FortiADC contain an improper access control vulnerability that allows attackers to obtain the LDAP server login credentials configured in FortiGate by pointing a LDAP server connectivity test request to a rogue LDAP server.
Required action
Apply updates per vendor instructions.
Notes: https://www.fortiguard.com/psirt/FG-IR-18-157; https://nvd.nist.gov/vuln/detail/CVE-2018-13374
Metadata
| Added to KEV | 2022-09-08 |
| Remediation due | 2022-09-29 |
| Ransomware use | Known |
| CWEs | CWE-732 |
| Ingested | 2026-04-24 15:03:13 |
Cross-mesh regulatory overlay
If you're breached via this CVE, what disclosure laws and cyber regs fire? Asks LexiWorld and RegulatoryRadar via signed mesh.