CVE-2018-13379

Description

An Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to download system files via special crafted HTTP resource requests.

From the Tenable Blog

CVE-2018-13379, CVE-2019-5591, CVE-2020-12812: Fortinet Vulnerabilities Targeted by APT Actors

Published: 2021-04-08

Threat actors and ransomware groups are actively targeting three legacy Fortinet vulnerabilities. Background On April 2, the Federal Bureau of Investigation (FBI) along with the Cybersecurity and Infrastructure Security Agency (CISA) issued a joint cybersecurity advisory regarding activity involving advanced persistent threat (APT) actors.

CVE-2018-13379, CVE-2019-11510: FortiGate and Pulse Connect Secure Vulnerabilities Exploited In the Wild

Published: 2019-08-27

Attackers are exploiting arbitrary file disclosure vulnerabilities in popular SSL VPNs from Fortinet and PulseSecure.

References

https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-317a

https://www.ic3.gov/Media/News/2024/241010.pdf

https://blog.talosintelligence.com/common-ransomware-actor-ttps-playbooks/

https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-352a

https://www.tenable.com/blog/aa23-215a-2022s-top-routinely-exploited-vulnerabilities

https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-215a

https://www.tenable.com/cyber-exposure/tenable-2022-threat-landscape-report

https://www.darkreading.com/vulnerabilities-threats/everything-you-need-to-know-about-lockbit

https://www.tenable.com/blog/aa22-257a-cybersecurity-joint-advisory-on-iranian-islamic-revolutionary-guard-ransomware

https://www.tenable.com/cyber-exposure/a-look-inside-the-ransomware-ecosystem

https://www.cisa.gov/news-events/cybersecurity-advisories/aa22-117a

https://www.tenable.com/blog/contileaks-chats-reveal-over-30-vulnerabilities-used-by-conti-ransomware-affiliates

https://www.tenable.com/blog/government-advisories-warn-of-apt-activity-resulting-from-russian-invasion-of-ukraine

https://www.tenable.com/cyber-exposure/2021-threat-landscape-retrospective

https://www.cisa.gov/sites/default/files/publications/AA21-321A-Iranian%20Government-Sponsored%20APT%20Actors%20Exploiting%20Microsoft%20Exchange%20and%20Fortinet%20Vulnerabilities.pdf

https://web.archive.org/web/20211025233339/https://twitter.com/pancak3lullz/status/1452679527197560837

https://www.tenable.com/blog/hold-the-door-why-organizations-need-to-prioritize-patching-ssl-vpns

https://www.cisa.gov/news-events/cybersecurity-advisories/aa21-209a

https://www.tenable.com/blog/one-year-later-what-can-we-learn-from-zerologon

https://www.tenable.com/blog/cve-2018-13379-cve-2019-5591-cve-2020-12812-fortinet-vulnerabilities-targeted-by-apt-actors

https://cisomag.com/cring-ransomware-targets-unpatched-vulnerabilities-in-fortinet-vpns/

https://www.ic3.gov/Media/News/2021/210402.pdf

https://www.tenable.com/blog/healthcare-security-ransomware-plays-a-prominent-role-in-covid-19-era-breaches

https://www.cisa.gov/news-events/cybersecurity-advisories/aa20-296a

https://www.tenable.com/blog/government-agencies-warn-of-state-sponsored-actors-exploiting-publicly-known-vulnerabilities

https://www.tenable.com/blog/cve-2020-5135-critical-sonicwall-vpn-portal-stack-based-buffer-overflow-vulnerability

https://www.tenable.com/blog/cve-2020-2021-palo-alto-networks-pan-os-vulnerable-to-critical-authentication-bypass

https://www.tenable.com/blog/how-covid-19-response-is-expanding-the-cyberattack-surface

https://www.fortiguard.com/psirt/FG-IR-20-233

https://fortiguard.com/advisory/FG-IR-18-384

Details

Source: Mitre, NVD

Risk Information

CVSS v2

CVSS v3