Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
Fortigate SSL VPN Arbitrary File reading (CVE-2018-13379) - Vulnerability Database

Fortigate SSL VPN Arbitrary File reading (CVE-2018-13379)

Description

A directory traversal vulnerability exists on Fortigate SSL VPN. An attacker can craft a request that accesses potentially sensitive information in the Fortigate's filesystem.

Remediation

Upgrade to FortiOS 5.6.8, 6.0.5 or 6.2.0

References

FortiOS system file leak through SSL VPN via specially crafted HTTP resource requests
Infiltrating Corporate Intranet Like NSA

Related Vulnerabilities

ColdFusion directory traversal High
Common tags: Directory Traversal
WordPress Plugin WP AmASIN-The Amazon Affiliate Shop Directory Traversal (0.9.6) High
Common tags: Directory Traversal
WordPress Plugin WordPress Download Manager Directory Traversal (2.6.95) High
Common tags: Directory Traversal
WordPress Plugin NextGEN Gallery-WordPress Gallery Directory Traversal (2.0.0) High
Common tags: Directory Traversal
WordPress Plugin Advanced Dewplayer Directory Traversal (1.2) High
Common tags: Directory Traversal

Severity

High

Classification

CVE-2018-13379
CWE-22
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Directory Traversal