CVE-2018-13379

An Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 under SSL VPN web portal allows an unauthenticated attacker to download system files via special crafted HTTP resource requests.

  • OS
    Any OS
  • Version
    Any Version
  • Type
    Any Type

2 fixes found:

    Workaround

    temporary solution: disable the SSL-VPN service
    Published Date:May 24, 2019
    Updated Date:May 24, 2019
    • Version Update

      FortiGaurd Labs advisory FG-IR-18-384
      Published Date:May 24, 2019
      Updated Date:May 24, 2019