CVE-2018-13379

Description from NVD

An Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to download system files via special crafted HTTP resource requests.

Information Acquisition Date: 2021-09-13T14:29Z
CVSS 2.0: 5.0 MEDIUM
CVSS 3.x: 9.8 CRITICAL

CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

NVD References

 https://fortiguard.com/advisory/FG-IR-18-384
     source: CONFIRM
     tags: Mitigation, Vendor Advisory
 https://www.fortiguard.com/psirt/FG-IR-20-233
     source: CONFIRM
     tags: (none)

Description from Forti

FortiOS system file leak through SSL VPN via specially crafted HTTP resource requests

This indicates an attack attempt to exploit an Information Disclosure Vulnerability in FortiOS. The vulnerability is due to an error in the vulnerable application when handling a malicious request. An unauthenticated attacker can exploit this to access sensitive information on the affected machine via a crafted request.

Information Acquisition Date: 2020/12/01

Affected Products

FortiOS 6.0 - 6.0.0 to 6.0.4

Impact

Information Disclosure

Recommended Actions

Refer to the vendor's advisory for updates:
https://fortiguard.com/psirt/FG-IR-18-384

References

None


Software Tag: VPN (25 tweets), iOS (6 tweets)



List of frequently cited URLs

URL                                                              Num of Times Referred to
https://alerts.vulmon.com/?utm_source=twitter&utm_medium=so...   264
https://lists.astaro.com/ASGV9-IPS-rules.html                    54
http://mi6rogue.com/news                                         6
https://cloudsek.com/threatintelligence/fortinet-ssl-vpn-vu...   5
https://twitter.com/search?src=sprv&q=CVE-2018-13379             4
https://www.ic3.gov/Media/News/2021/210402.pdf                   4
https://www.tenable.com/blog/cve-2018-13379-cve-2019-5591-c...   4
https://www.jpcert.or.jp/newsflash/2020112701.html               4
https://awakesecurity.com/blog/exploiting-cve-2018-13379-a-...   4
https://www.incibe-cert.es/alerta-temprana/vulnerabilidades...   4
https://bit.ly/3t3mpim                                           3
https://ift.tt/3tIcakN                                           3
https://zero.bs/sb-2031-ips-and-datasets-for-49k-fortinet-v...   3
https://github.com/anasbousselham/fortiscan                      3
https://www.fbi.gov/news/pressrel/press-releases/russian-fo...   3
https://www.zdnet.com/article/hacker-groups-chain-vpn-and-w...   3
https://fortiguard.com/encyclopedia/ips/48321                    3
https://www.nisc.go.jp/active/infra/pdf/fortinet20201203.pdf     3
https://therecord.media/new-cring-ransomware-deployed-via-u...   3
https://news.yahoo.co.jp/byline/ohmototakashi/20201128-0021...   3
https://us-cert.cisa.gov/ncas/alerts/aa20-283a                   3
https://www.fortinet.com/blog/business-and-technology/updat...   3
https://securityaffairs.co/wordpress/116480/cyber-crime/cri...   3
https://www.checkpoint.com/defense/advisories/public/2019/c...   3
https://www.fortinet.co.jp/blog/business-and-technology/upd...   3
https://www.proofpoint.com/us/daily-ruleset-update-summary-...   3
https://ics-cert.kaspersky.com/reports/2021/04/07/vulnerabi...   3
https://www.bleepingcomputer.com/news/security/hacker-posts...   3


GitHub Search Results: Up to 10
Name                                              URL
milo2012/CVE-2018-13379 https://github.com/milo2012/CVE-2018-13379
0xHunter/FortiOS-Credentials-Disclosure https://github.com/0xHunter/FortiOS-Credentials-Disclosure
Blazz3/cve2018-13379-nmap-script https://github.com/Blazz3/cve2018-13379-nmap-script
B1anda0/CVE-2018-13379 https://github.com/B1anda0/CVE-2018-13379
yukar1z0e/CVE-2018-13379 https://github.com/yukar1z0e/CVE-2018-13379
k4nfr3/CVE-2018-13379-Fortinet https://github.com/k4nfr3/CVE-2018-13379-Fortinet
pwn3z/CVE-2018-13379-FortinetVPN https://github.com/pwn3z/CVE-2018-13379-FortinetVPN
Zeop-CyberSec/fortios_vpnssl_traversal_leak https://github.com/Zeop-CyberSec/fortios_vpnssl_traversal_leak
jpiechowka/at-doom-fortigate https://github.com/jpiechowka/at-doom-fortigate
hackingyseguridad/directoriotraversal https://github.com/hackingyseguridad/directoriotraversal

2021/09/17 Score: 1
Added to Har-sia Database: 2020/02/17
Last Modified: 2021/09/17
Highest Scored Date: 2021/04/09
Highest Score: 35