5
CVSSv2

CVE-2018-13379

Published: 04/06/2019 Updated: 10/06/2019
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

An Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 under SSL VPN web portal allows an unauthenticated malicious user to download system files via special crafted HTTP resource requests.

Vulnerability Trend

Affected Products

Vendor Product Versions
FortinetFortios5.6.3, 5.6.4, 5.6.5, 5.6.6, 5.6.7, 6.0.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4

Exploits

# Exploit Title: FortiOS Leak file - Reading login/passwords in clear text # Google Dork: intext:"Please Login" inurl:"/remote/login" # Date: 17/08/2019 # Exploit Author: Carlos E Vieira # Vendor Homepage: wwwfortinetcom/ # Software Link: wwwfortinetcom/products/fortigate/fortioshtml # Version: This vulnerability affect ( For ...
# Exploit Title: FortiOS Leak file - Reading login/passwords in clear text # Google Dork: intext:"Please Login" inurl:"/remote/login" # Date: 17/08/2019 # Exploit Author: Carlos E Vieira # Vendor Homepage: wwwfortinetcom/ # Software Link: wwwfortinetcom/products/fortigate/fortioshtml # Version: This vulnerability affect ( For ...

Mailing Lists

This Metasploit module exploits FortiOS versions 563 through 567 and 600 through 604 to leverage a credential disclosure vulnerability by reading the /dev/cmdb/sslvpn_websession file ...
FortiOS versions 563 through 567 and 600 through 604 suffer from a credential disclosure vulnerability ...

Github Repositories

CVE-2018-13379 CVE-2018-13379