CVE-2018-13379
Published: 04 June 2019
Summary
CVE-2018-13379 is a critical-severity Path Traversal (CWE-22) vulnerability in Fortinet FortiOS. Its CVSS base score is 9.1 (Critical).
Operationally, it ranks in the top 0.0% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities (KEV) catalog.
The strongest mitigations our analysis identified are NIST SP 800-53 controls AC-3 (Access Enforcement) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2018-13379 is a path traversal vulnerability (CWE-22) affecting the SSL VPN web portal in Fortinet FortiOS versions 6.0.0 through 6.0.4, 5.6.3 through 5.6.7, and 5.4.6 through 5.4.12, as well as FortiProxy versions 2.0.0, 1.2.0 through 1.2.8, 1.1.0 through 1.1.6, and 1.0.0 through 1.0.7. The flaw allows specially crafted HTTP resource requests to bypass directory restrictions and access files outside the intended web portal scope.
An unauthenticated remote attacker can exploit the issue over the network, without credentials or user interaction, to download arbitrary system files. The result is high confidentiality and availability impact, as reflected in the CVSS 9.1 score.
FortiGuard advisories FG-IR-18-384 and FG-IR-20-233 provide official guidance and patches for the affected Fortinet products. The vulnerability's presence in the CISA Known Exploited Vulnerabilities catalog confirms observed real-world exploitation.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2018-5323
Vulnerability details
An Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to download system files via specially crafted HTTP resource requests.
- CWE(s): CWE-22
- KEV Date Added: 03 November 2021
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): validates HTTP resource request paths to block traversal sequences that escape the intended SSL VPN web portal directory.
- AC-3 (Access Enforcement): enforces access-control policy on portal resources so that unauthenticated requests cannot retrieve files outside the allowed scope.
- Mediates information flows between the SSL VPN portal and the file system, denying unauthorized exfiltration of system files.