Unrated severityCISA KEVNVD Advisory· Published May 29, 2019· Updated Oct 21, 2025

CVE-2018-13383

Description

A heap buffer overflow in Fortinet FortiOS 6.0.0 through 6.0.4, 5.6.0 through 5.6.10, 5.4.0 through 5.4.12, 5.2.14 and earlier and FortiProxy 2.0.0, 1.2.8 and earlier in the SSL VPN web portal may cause the SSL VPN web service termination for logged in users due to a failure to properly handle javascript href data when proxying webpages.

Affected products

Fortinet/Fortinet FortiOS and FortiProxyv5
Range: FortiOS 6.0.0 through 6.0.4, 5.6.0 through 5.6.10, 5.4.0 through 5.4.12, 5.2.14 and earlier, FortiProxy 2.0.0, 1.2.8 and earlier

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

fortiguard.com/advisory/FG-IR-18-388mitrex_refsource_CONFIRM
fortiguard.com/advisory/FG-IR-20-229mitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.120
patch	0.000
ransomware	0.060