Fortinet – Path Traversal (CVE-2018-13379)

Home » Blog » Fortinet – Path Traversal (CVE-2018-13379)

Description

During the scan, Kayran managed to find Path Traversal (CVE-2018-13379) vulnerability.
Fortinet FortiOS SSL VPN Path Traversal in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal.

An attacker could use this vulnerability to download system related files by building and using special crafted HTTP resources based requests.

Severity/Score

CVSS Version 3.x – 9.8 Critical

Recommendation

Update to the latest version released by Fortinet.
You may use the link below in order to do that.

References

https://www.fortiguard.com/psirt/FG-IR-18-384

https://cwe.mitre.org/data/definitions/22.html

< Return to all Vulnerabilities

Browser Exploitation

We know that it’s possible to exploit weaknesses (or vulnerabilities) that exist in anything, from a certain code to the entire application, let’s talk about

WAF – Web Application Firewall

WAF, which stands for Web Application Firewall, helps protect web-based applications by blocking and preventing many common types of attacks which would otherwise have been

Assets – Not just for Realtors

Throughout our lives we have learned that almost everything has a value. Whether it’s your car, phone and even a piece of paper lying down

The Cloud

I’m pretty sure there isn’t a single adult in the world who hasn’t at least heard of The Cloud. Explaining “The Cloud” in 2022 may

Servers 101

Let’s have a “quick” Servers 101 Course. Courtesy of Kayran! If you’ve been on the internet for over an hour, you probably already heard of

Zeroed In – Zero-Day Attacks

If you are familiar with programming, you know that Zero ([0]) is usually the starting point of arrays, that is called Zero-based numbering, what does

WEB APPLICATION VULNERABILITY SCANNER