Description
During the scan, Cytrix found a Path Traversal vulnerability (CVE-2018-13379).
This is a path traversal vulnerability in the SSL VPN web portal of Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12, and of FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6 and 1.0.0 to 1.0.7.
An attacker could use this vulnerability to download system-related files by sending specially crafted HTTP resource requests.
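The following is an added example, not Cytrix or Fortinet code: a triage script that checks an asset inventory against the affected ranges listed above. It compares versions numerically, because a plain string comparison would sort 5.4.12 before 5.4.6. The inventory rows and the tolerated leading "v" and trailing build text are assumptions.

```python
import re

# Affected ranges copied from the description above (inclusive on both ends).
AFFECTED = {
    "FortiOS": [("6.0.0", "6.0.4"), ("5.6.3", "5.6.7"), ("5.4.6", "5.4.12")],
    "FortiProxy": [("2.0.0", "2.0.0"), ("1.2.0", "1.2.8"),
                   ("1.1.0", "1.1.6"), ("1.0.0", "1.0.7")],
}

def parse_version(text):
    """Return (major, minor, patch) as ints; tolerates a leading 'v' and trailing text."""
    m = re.match(r"\s*[vV]?(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(g) for g in m.groups())

def is_affected(product, version):
    """True when the version lies inside a range listed above for that product."""
    v = parse_version(version)
    return any(parse_version(lo) <= v <= parse_version(hi)
               for lo, hi in AFFECTED[product])

def triage(inventory):
    """Label each (host, product, version) row; unparseable rows go to manual review."""
    rows = []
    for host, product, version in inventory:
        try:
            status = "AFFECTED" if is_affected(product, version) else "not listed"
        except (KeyError, ValueError):
            status = "REVIEW"  # unknown product or unreadable version string
        rows.append((host, status))
    return rows

# Constructed inventory; hostnames and version strings are illustrative only.
SAMPLE_INVENTORY = [
    ("vpn-gw-01", "FortiOS", "v5.4.12 build1234"),
    ("vpn-gw-02", "FortiOS", "5.4.13"),
    ("vpn-gw-03", "FortiOS", "6.0.5"),
    ("proxy-01", "FortiProxy", "2.0.0"),
    ("proxy-02", "FortiProxy", "1.2.9"),
    ("vpn-gw-04", "FortiOS", "unknown"),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY):
        print(f"{host:10} {status}")
```

A "not listed" result only means the version falls outside the ranges quoted on this page.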
Severity/Score
CVSS Version 3.x – 9.8 Critical
Recommendation
Update to the latest version released by Fortinet.
Use the Fortinet advisory linked under References to do so.
References
https://www.fortiguard.com/psirt/FG-IR-18-384
https://cwe.mitre.org/data/definitions/22.html