Description

A directory traversal vulnerability exists on Fortigate SSL VPN. An attacker can craft a request that accesses potentially sensitive information in the Fortigate's filesystem.

Remediation

Upgrade to FortiOS 5.6.8, 6.0.5 or 6.2.0

References

FortiOS system file leak through SSL VPN via specially crafted HTTP resource requests

Infiltrating Corporate Intranet Like NSA

Related Vulnerabilities

WordPress Plugin Easy Forms for MailChimp Local File Inclusion (6.0.5.5)

Openfire Path Traversal (CVE-2023-32315)

Joomla! Core 3.4.x Directory Traversal (3.4.0 - 3.4.5)

Opencart Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2013-1891)

WordPress 4.5.3 Directory Traversal Vulnerability (4.5.3)

Severity

High

Classification

CVE-2018-13379 CWE-22 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Directory Traversal