CVE-2018-13371: 
FortiOS vulnerability analysis and mitigation

An external control of system vulnerability (CVE-2018-13371) was identified in FortiOS that affects multiple versions of the software. The vulnerability allows an authenticated regular user to modify the routing settings of the device by connecting to the ZebOS component. This vulnerability was disclosed in 2018 and affects FortiOS versions up to 5.4.10, versions 5.6.0 to 5.6.7, and versions 6.0.0 to 6.0.2 (NVD).

The vulnerability has been assigned a CVSS v3.1 Base Score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, and a CVSS v2.0 Base Score of 6.5 (MEDIUM). The vulnerability is classified under CWE-20 (Improper Input Validation) and allows authenticated users to manipulate routing settings through unauthorized access to the ZebOS component (NVD).

The vulnerability enables authenticated users with regular privileges to modify the device's routing settings, potentially leading to network disruption and unauthorized control over network traffic flow. This could result in significant impact on network security and operations (NVD).

Organizations should upgrade to the latest version of FortiOS that addresses this vulnerability. The affected versions include FortiOS versions up to 5.4.10, versions 5.6.0 to 5.6.7, and versions 6.0.0 to 6.0.2 (NVD).