← Zuruck zu CVEs

CVE-2018-13379

CRITICALCISA KEV

9.1

Beschreibung

An Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to download system files via special crafted HTTP resource requests.

CVE Details

CVSS v3.1 Bewertung9.1

SchweregradCRITICAL

CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

AngriffsvektorNETWORK

KomplexitatLOW

Erforderliche PrivilegienNONE

BenutzerinteraktionNONE

Veroffentlicht6/4/2019

Zuletzt geandert10/24/2025

Quellekev

Honeypot-Sichtungen0

CISA KEV

HerstellerFortinet

ProduktFortiOS

SchwachstellennameFortinet FortiOS SSL VPN Path Traversal Vulnerability

KEV Aufnahmedatum2021-11-03

Behebungsfrist2022-05-03

Ransomware-NutzungKnown

Betroffene Produkte

fortinet:fortiosfortinet:fortiproxy

Schwachen (CWE)

CWE-22CWE-22

Referenzen

https://fortiguard.com/advisory/FG-IR-18-384(psirt@fortinet.com)

https://www.fortiguard.com/psirt/FG-IR-20-233(psirt@fortinet.com)

https://fortiguard.com/advisory/FG-IR-18-384(af854a3a-2127-422b-91ae-364da2661108)

https://www.fortiguard.com/psirt/FG-IR-20-233(af854a3a-2127-422b-91ae-364da2661108)

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-13379(134c704f-9b21-4f2e-91b3-4a467353bcc0)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.