← Voltar para CVEs

CVE-2018-13379

CRITICALCISA KEV

9.1

Descricao

An Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to download system files via special crafted HTTP resource requests.

Detalhes CVE

Pontuacao CVSS v3.19.1

SeveridadeCRITICAL

Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Vetor de ataqueNETWORK

ComplexidadeLOW

Privilegios necessariosNONE

Interacao do usuarioNONE

Publicado6/4/2019

Ultima modificacao10/24/2025

Fontekev

Avistamentos honeypot0

CISA KEV

FornecedorFortinet

ProdutoFortiOS

Nome da vulnerabilidadeFortinet FortiOS SSL VPN Path Traversal Vulnerability

Data inclusao KEV2021-11-03

Prazo de remediacao2022-05-03

Uso em ransomwareKnown

Produtos afetados

fortinet:fortiosfortinet:fortiproxy

Fraquezas (CWE)

CWE-22CWE-22

Referencias

https://fortiguard.com/advisory/FG-IR-18-384(psirt@fortinet.com)

https://www.fortiguard.com/psirt/FG-IR-20-233(psirt@fortinet.com)

https://fortiguard.com/advisory/FG-IR-18-384(af854a3a-2127-422b-91ae-364da2661108)

https://www.fortiguard.com/psirt/FG-IR-20-233(af854a3a-2127-422b-91ae-364da2661108)

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-13379(134c704f-9b21-4f2e-91b3-4a467353bcc0)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.