Fortigate SSL VPN Arbitrary File reading (CVE-2018-13379)

Severity:

High

Summary

Invicti detected Fortigate SSL VPN Arbitrary File reading (CVE-2018-13379)

A directory traversal vulnerability exists on Fortigate SSL VPN. An attacker can craft a request that accesses potentially sensitive information in the Fortigate's filesystem.

Impact

An attacker could exploit this vulnerability to gain unauthorized read access to sensitive files including users VPN credentials.

Remediation

Upgrade to the latest version of FortiOS

Required Skills for Successful Exploitation

Actions To Take

Classifications

CWE-22

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

Vulnerability Index

You can search and find all vulnerabilities

Select Category

Select Vulnerability

Related Vulnerabilities

Fortigate SSL VPN Arbitrary File reading (CVE-2018-13379)

Cross-site Scripting

Fortigate SSL VPN Arbitrary File reading (CVE-2018-13379)

Local File Inclusion (IAST)

Cross-site Scripting (DOM based)

Fortigate SSL VPN Arbitrary File reading (CVE-2018-13379)

Vulnerability Index

Select Category

Select Vulnerability

Featured resources

Build your resistance to threats. And save hundreds of hours each month.