Attacker Value
Very High
(1 user assessed)
Exploitability
Very High
(1 user assessed)
User Interaction
None
Privileges Required
None
Attack Vector
Network
0

CVE-2018-13379 Path Traversal in Fortinet FortiOS

Disclosure Date: June 04, 2019
Add any MITRE ATT&CK Tactics to the list below that apply to this CVE.

Description

An Improper Limitation of a Pathname to a Restricted Directory (“Path Traversal”) in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 under SSL VPN web portal allows an unauthenticated attacker to download system files via special crafted HTTP resource requests.

Add Assessment

General Information

Vendors

  • Fortinet

Products

  • Fortinet FortiOS
Technical Analysis