PT-2019-3002 · Fortinet · FortiProxy +2

Published: 2019-05-24 · Updated: 2026-03-10 · CVE-2018-13379

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

- Fortinet FortiOS versions 5.4.6 through 5.4.12
- Fortinet FortiOS versions 5.6.3 through 5.6.7
- Fortinet FortiOS versions 6.0.0 through 6.0.4
- FortiProxy versions 1.0.0 through 1.0.7
- FortiProxy versions 1.1.0 through 1.1.6
- FortiProxy versions 1.2.0 through 1.2.8
- FortiProxy version 2.0.0
Description

The issue is an improper limitation of a pathname to a restricted directory (a path traversal vulnerability) in the Fortinet FortiOS SSL VPN web portal. It allows an unauthenticated attacker to download system files via specially crafted HTTP resource requests. The vulnerability has been exploited in real-world incidents: over 500,000 Fortinet VPN account credentials were leaked, and attackers have reportedly used it to gain access to FortiGate SSL-VPN devices, with over 87,000 devices affected.
Recommendations

- For Fortinet FortiOS versions 5.4.6 through 5.4.12, update to a patched version to resolve the issue.
- For Fortinet FortiOS versions 5.6.3 through 5.6.7, update to a patched version to resolve the issue.
- For Fortinet FortiOS versions 6.0.0 through 6.0.4, update to a patched version to resolve the issue.
- For FortiProxy versions 1.0.0 through 1.0.7, update to a patched version to resolve the issue.
- For FortiProxy versions 1.1.0 through 1.1.6, update to a patched version to resolve the issue.
- For FortiProxy versions 1.2.0 through 1.2.8, update to a patched version to resolve the issue.
- For FortiProxy version 2.0.0, update to a patched version to resolve the issue.

As a temporary workaround, consider restricting access to the SSL VPN web portal until a patch is available. It is also critical to reset passwords after upgrading to a patched version, in case credentials have already been compromised.

Exploit · Fix

Weakness Enumeration

Path traversal

Related Identifiers

BDU:2019-02981
CVE-2018-13379

Affected Products

FortiGate
FortiOS
FortiProxy