Fortinet – Path Traversal (CVE-2018-13379)

Description

During the scan, Kayran managed to find Path Traversal (CVE-2018-13379) vulnerability.
Fortinet FortiOS SSL VPN Path Traversal in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal.

An attacker could use this vulnerability to download system related files by building and using special crafted HTTP resources based requests.

Recommendation

Update to the latest version released by Fortinet.
You may use the link below in order to do that.

References

https://www.fortiguard.com/psirt/FG-IR-18-384

< Return to all Vulnerabilities

Browser Exploitation

We know that it’s possible to exploit weaknesses (or vulnerabilities) that exist in anything, from a certain code to the entire application, let’s talk about

Read More »