At a glance:

IR Number FG-IR-18-157
Date Jun 1, 2021
Risk
CVSSv3 Score 4.2
Impact Improper Access Control
CVE ID CVE-2018-13374
CVRF Download

FortiGate & FortiADC - Read-only admins can obtain the LDAP credentials configured in the FortiGate and FortiADC using the LDAP test connectivity feature

FortiGate & FortiADC - Read-only admins can obtain the LDAP credentials configured in the FortiGate and FortiADC using the LDAP test connectivity feature

Summary

FortiGate's and FortiADC's  read-only admins are able to point an LDAP server connectivity test request to a rogue LDAP server instead of the configured one, in order to obtain the LDAP server login credentials configured in the FortiGate.

Affected Products

FortiOS 6.0.2 and below
FortiADC 6.1.0 and below
FortiADC 6.0.1 and below
FortiADC 5.4.4 and below

Solutions

Upgrade to FortiOS 6.0.3 or upcoming 6.2.0

Please upgrade to FortiADC 6.1.1 or above.
Please upgrade to FortiADC 6.0.2 or above.
Please upgrade to FortiADC 5.4.5 or above.

Acknowledgement

Fortinet is pleased to thank Julio Engels Ureña Martinez for reporting this vulnerability under responsible disclosure.