Fortinet – Path Traversal (CVE-2018-13379)

Description

Path Traversal (CVE-2018-13379) vulnerability.

Fortinet FortiOS SSL VPN Path Traversal in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal.

Bussines Impact

An attacker could use this vulnerability to download system files via special crafted HTTP resource requests.

Recommendation

Updated to the latest version released by Fortinet.

Reference

https://www.fortiguard.com/psirt/FG-IR-18-384