Fortinet – Path Traversal (CVE-2018-13379)

Home » blog » Fortinet – Path Traversal (CVE-2018-13379)

Description

During the scan, Kayran managed to find Path Traversal (CVE-2018-13379) vulnerability.
Fortinet FortiOS SSL VPN Path Traversal in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal.

An attacker could use this vulnerability to download system related files by building and using special crafted HTTP resources based requests.

Recommendation

Update to the latest version released by Fortinet.
You may use the link below in order to do that.

References

https://www.fortiguard.com/psirt/FG-IR-18-384

< Return to all Vulnerabilities

Lights, camera, where is the Script? – JavaScript in short

We know HTML is all about editing, CSS is all about designing, what’s left you ask? Well, JavaScript of course! In other words, JS is

Assets – Not just for Realtors

Throughout our lives we have learned that almost everything has a value. Whether it’s your car, phone and even a piece of paper lying down

Zeroed In – Zero-Day Attacks

If you are familiar with programming, you know that Zero ([0]) is usually the starting point of arrays, that is called Zero-based numbering, what does

Browser Exploitation

We know that it’s possible to exploit weaknesses (or vulnerabilities) that exist in anything, from a certain code to the entire application, let’s talk about

Enterprise Mobility – BYOD vs. CYOD

We know that “demarcation” of our Enterprise Mobility is very important in the field of Information Security especially when we talk about the devices being

Your SQL got the I(njection)

We’ve talked about it before right? or am i the only one having a Deja-Vu? Or an SQL Injection? No on likes doctors, or needles,

WEB APPLICATION VULNERABILITY SCANNER