
FortiOS SSL VPN - Arbitrary File Read CVE-2018-13379

Severity
CVSSv3 Score: 9.8
Vulnerability description

The FortiOS SSL VPN server is affected by an Arbitrary File Read vulnerability caused by Path Traversal (improper limitation of a file path to a restricted directory) in the fgt_lang endpoint, via the lang parameter. The root cause is insufficient validation of the requested URL, which an attacker can exploit to leak system files with specially crafted HTTP requests.

Risk description

A remote, unauthenticated attacker can steal the credentials of every user present on the FortiOS SSL VPN server.

Exploit capabilities

Sniper can read arbitrary files from the target system and extract them as evidence.

Recommendation

Upgrade to FortiOS 5.4.13, 5.6.8, 6.0.5, 6.2.0 or above.

Codename: Not available
Detectable with: Network Scanner
Scan engine: Sniper
Exploitable with Sniper: Yes
CVE Published: May 1, 2019
Detection added at:
Software Type: VPN gateway
Vendor: Fortinet
Product: FortiGateway SSL VPN