FortiGate SSL VPN Arbitrary File Reading (CVE-2018-13379)
Description
FortiOS SSL VPN web portal contains a path traversal vulnerability (CVE-2018-13379) that allows unauthenticated attackers to read arbitrary files from the FortiGate device's filesystem. By manipulating HTTP resource requests with directory traversal sequences, attackers can bypass access controls and retrieve sensitive system files without requiring valid credentials.
Remediation
Apply security patches immediately by upgrading to a fixed FortiOS version: 5.6.8 or later for the 5.6 branch, 6.0.5 or later for the 6.0 branch, or 6.2.0 or later for the 6.2 branch. After patching, perform the following steps:
1. Review logs for indicators of exploitation (unusual file access patterns in HTTP requests to the SSL VPN portal)
2. Reset all SSL VPN user credentials as a precautionary measure
3. Audit VPN access logs for unauthorized connections
4. Consider implementing network-level access controls to restrict SSL VPN portal access to trusted IP ranges where feasible
5. Monitor FortiGuard advisories for additional guidance at https://fortiguard.com/psirt/FG-IR-18-384
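To support step 1, the following is an added example (not part of this advisory and not Fortinet tooling) that scans access-log lines for directory traversal sequences, including URL-encoded and double-encoded forms, in requests aimed at the SSL VPN portal. The log layout, the sample lines and the /sslvpn/ portal prefix are assumptions; adapt the parser and prefix to your own log source.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines in a generic "client method request status" form.
# The advisory shows no log format; this layout and the /sslvpn/ prefix are assumptions
# for the example, not FortiOS's real log format or portal path.
SAMPLE_LOG = """\
203.0.113.10 GET /sslvpn/login?lang=en 200
203.0.113.11 GET /sslvpn/res?name=../../../../etc/config 200
203.0.113.12 GET /sslvpn/res?name=..%2F..%2F..%2Fetc%2Fconfig 200
203.0.113.13 GET /sslvpn/res?name=%252e%252e%252fetc%252fconfig 200
203.0.113.14 GET /sslvpn/res?name=../images/logo.png 200
203.0.113.15 GET /static/css/style.css?v=../x 200
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\d{3})$")
# A ".." segment followed by a separator (or end of string) after normalization.
TRAVERSAL_RE = re.compile(r"\.\.(?:[/\\]|$)")

def normalize_request(raw: str, passes: int = 3) -> str:
    """Percent-decode repeatedly (catches double encoding), then unify slashes."""
    decoded = raw
    for _ in range(passes):
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    return decoded.replace("\\", "/")

def is_traversal(request: str) -> bool:
    """True if the path or query contains a '..' segment once decoded."""
    return TRAVERSAL_RE.search(normalize_request(request)) is not None

def traversal_hits(log_text: str, portal_prefix: str = "/sslvpn/") -> list[tuple[str, str]]:
    """Return (client, raw_request) for portal requests that carry traversal sequences."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # line does not fit the assumed layout; skip it
        client, _method, request, _status = m.groups()
        if request.startswith(portal_prefix) and is_traversal(request):
            hits.append((client, request))
    return hits

if __name__ == "__main__":
    for client, req in traversal_hits(SAMPLE_LOG):
        print(f"possible traversal attempt from {client}: {req}")
```

Requests outside the portal prefix are ignored so that traversal strings in unrelated static-content requests do not drown out the signal; widen the prefix if your portal serves several paths.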