CVE-2018-13379
An Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to...
Basic Information
- CVE State
- PUBLISHED
- Reserved Date
- July 06, 2018
- Published Date
- June 04, 2019
- Last Updated
- October 23, 2024
- Vendor
- Fortinet
- Product
- Fortinet FortiOS, FortiProxy
- Description
- An Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to download system files via special crafted HTTP resource requests.
CVSS Scores
CVSS v3.1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
SSVC Information
- Exploitation
- active
- Automatable
- Yes
- Technical Impact
- partial
References
Known Exploited Vulnerability Information
| Source | Added Date |
|---|---|
| CISA | 2021-11-03 00:00:00 UTC |
Scanner Integrations
| Scanner | URL | Date Detected |
|---|---|---|
| Nuclei | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2018/CVE-2018-13379.yaml | 2025-04-26 00:00:00 UTC |
Potential Proof of Concepts
Warning: These PoCs have not been tested and could contain malware. Use at your own risk.
nivdolgin/CVE-2018-13379
Type: github • Created: 2021-09-11 13:12:31 UTC • Stars: 0
B1anda0/CVE-2018-13379
Type: github • Created: 2020-12-14 12:17:03 UTC • Stars: 8
k4nfr3/CVE-2018-13379-Fortinet
Type: github • Created: 2020-11-19 21:22:25 UTC • Stars: 6
pwn3z/CVE-2018-13379-FortinetVPN
Type: github • Created: 2020-09-17 18:00:11 UTC • Stars: 1
yukar1z0e/CVE-2018-13379
Type: github • Created: 2020-05-18 01:37:13 UTC • Stars: 0
milo2012/CVE-2018-13379
Type: github • Created: 2019-08-11 09:44:37 UTC • Stars: 253