CVE-2018-13379 Scanner
Detects 'Path Traversal' vulnerability in Fortinet FortiOS, FortiProxy affects v. FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12, FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7.
Short Info
Level
Critical
Type
Single Scan
Can be used by
Asset Owner
Estimated Time
15 sec
Scan only one
Url
Parent Category
CVE-2018-13379 Scanner Detail
Fortinet FortiOS and FortiProxy are security products that are designed to provide protection for digital assets by securing network infrastructures, endpoints, applications, and clouds. Fortinet FortiOS is a powerful operating system that runs on FortiGate network security appliances, allowing customers to stay ahead of the evolving threat landscape while simplifying their overall security posture. FortiProxy, on the other hand, is a web proxy appliance that provides a secure web gateway for protecting users from threats on the internet.
The CVE-2018-13379 vulnerability is a critical security flaw that was detected in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7, and 5.4.6 to 5.4.12, as well as FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, and 1.0.0 to 1.0.7. This vulnerability, also known as "Path Traversal," occurs when a system fails to limit a pathname, allowing unauthenticated attackers to download system files via specially crafted HTTP resource requests.
If the CVE-2018-13379 vulnerability is exploited, it can lead to a significant data breach and the loss of sensitive information. Attackers can gain access to confidential data, such as user login credentials, financial records, and intellectual property. This vulnerability can also lead to the installation of malicious software that can cause system crashes, infrastructure failures, and other serious consequences.
Securityforeveryone.com offers a platform with pro features that makes it easy and quick to learn about vulnerabilities in your digital assets. By signing up for this platform, you can receive comprehensive reports on the vulnerabilities present in your digital assets and get actionable and timely advice on how to fix them. With securityforeveryone.com, you can rest assured that your digital assets are protected against the latest vulnerabilities and threats.
REFERENCES
- http://packetstormsecurity.com/files/154146/FortiOS-5.6.7-6.0.4-Credential-Disclosure.html
- http://packetstormsecurity.com/files/154147/FortiOS-5.6.7-6.0.4-Credential-Disclosure.html
- http://www.securityfocus.com/bid/108693
- https://devco.re/blog/2019/08/09/attacking-ssl-vpn-part-2-breaking-the-Fortigate-ssl-vpn/
- https://fortiguard.com/advisory/FG-IR-18-384
- https://github.com/blacklotuslabs/Development/blob/master/Mitigations/CVE/CVE-2018-13379/CVE-2018-13379%20-%20Summary%20%26%20Emergency%20Mitigations.pdf
- https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf
control security posture