CVE-2018-13379

Scores

EPSS Score

0.9447

CVSS

3.x 9.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

All CVSS Scores

CVSS 4.0
0.0
CVSS 3.x
9.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS 2.0
5.0

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Description

An Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under the SSL VPN web portal allows an unauthenticated attacker to download system files via specially crafted HTTP resource requests.

Sources

nvd

CWEs

CWE-22

Exploits

Exploit ID: CVE-2018-13379

Source: cisa

URL: https://www.cisa.gov/known-exploited-vulnerabilities-catalog

Exploit ID: 47287

Source: exploitdb

URL: https://www.exploit-db.com/exploits/47287

Exploit ID: 47288

Source: exploitdb

URL: https://www.exploit-db.com/exploits/47288

Vulnerable Software

Type: Configuration

Vendor: fortinet

Product: fortios

Operating System: * * *

Trait:
{
  "cpe_match": [
    {
      "cpe23uri": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*",
      "versionEndExcluding": "1.2.9",
      "vulnerable": true
    },
    {
      "cpe23uri": "cpe:2.3:a:fortinet:fortiproxy:2.0.0:*:*:*:*:*:*:*",
      "vulnerable": true
    },
    {
      "cpe23uri": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
      "versionEndExcluding": "5.4.13",
      "versionStartIncluding": "5.4.6",
      "vulnerable": true
    },
    {
      "cpe23uri": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
      "versionEndExcluding": "5.6.8",
      "versionStartIncluding": "5.6.3",
      "vulnerable": true
    },
    {
      "cpe23uri": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
      "versionEndExcluding": "6.0.5",
      "versionStartIncluding": "6.0.0",
      "vulnerable": true
    }
  ],
  "operator": "OR"
}

Source: nvd

Type: Configuration

Vendor: fortinet

Product: fortiproxy

Operating System: * * *

Trait:
{
  "cpe_match": [
    {
      "cpe23uri": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*",
      "versionEndExcluding": "1.2.9",
      "vulnerable": true
    },
    {
      "cpe23uri": "cpe:2.3:a:fortinet:fortiproxy:2.0.0:*:*:*:*:*:*:*",
      "vulnerable": true
    },
    {
      "cpe23uri": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
      "versionEndExcluding": "5.4.13",
      "versionStartIncluding": "5.4.6",
      "vulnerable": true
    },
    {
      "cpe23uri": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
      "versionEndExcluding": "5.6.8",
      "versionStartIncluding": "5.6.3",
      "vulnerable": true
    },
    {
      "cpe23uri": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
      "versionEndExcluding": "6.0.5",
      "versionStartIncluding": "6.0.0",
      "vulnerable": true
    }
  ],
  "operator": "OR"
}

Source: nvd