FG-IR-18-157: FortiGate & FortiADC - Read-only admins can obtain the LDAP credentials configured in the FortiGate and FortiADC using the LDAP test connectivity feature
First published: Tue Jun 01 2021(Updated: )
FortiGate's and FortiADC's read-only admins are able to point an LDAP server connectivity test request to a rogue LDAP server instead of the configured one, in order to obtain the LDAP server login credentials configured in the FortiGate.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Fortinet Fortigate | ||
| Fortinet FortiADC |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of FG-IR-18-157?
The FG-IR-18-157 vulnerability is considered critical due to its potential for exposing sensitive LDAP server credentials.
How do I fix FG-IR-18-157?
To remediate FG-IR-18-157, restrict read-only admin permissions and ensure LDAP server connectivity tests are directed to the correct server.
Who is affected by FG-IR-18-157?
Fortinet FortiGate and FortiADC products with read-only admin configurations are affected by the FG-IR-18-157 vulnerability.
What is the impact of FG-IR-18-157?
The impact of FG-IR-18-157 includes potential unauthorized access to LDAP credentials, leading to further exploitation of the network.
When was FG-IR-18-157 disclosed?
The FG-IR-18-157 vulnerability was disclosed in a security advisory by Fortinet.
- collector/fortiguard-psirt
- source/FortiGuard
- alias/CVE-2018-13374
- agent/title
- agent/last-modified-date
- agent/severity
- agent/references
- agent/type
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- agent/tags
- agent/softwarecombine
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/fortinet
- canonical/fortinet fortigate
- canonical/fortinet fortiadc