Description
Path Traversal (CVE-2018-13379) vulnerability.
Fortinet FortiOS SSL VPN Path Traversal in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal.
Bussines Impact
An attacker could use this vulnerability to download system files via special crafted HTTP resource requests.
Recommendation
Updated to the latest version released by Fortinet.