Fortinet – Path Traversal (CVE-2018-13379)

Description

During the scan, Cytrix managed to find Path Traversal (CVE-2018-13379) vulnerability.
Fortinet FortiOS SSL VPN Path Traversal in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal.

An attacker could use this vulnerability to download system related files by building and using special crafted HTTP resources based requests.

Severity/Score

CVSS Version 3.x – 9.8 Critical

Recommendation

Update to the latest version released by Fortinet.
You may use the link below in order to do that.

References

https://www.fortiguard.com/psirt/FG-IR-18-384
https://cwe.mitre.org/data/definitions/22.html