An Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to download system files via special crafted HTTP resource requests.
History

Wed, 23 Oct 2024 14:15:00 +0000

Type Values Removed Values Added
Metrics kev

{'dateAdded': '2021-11-03'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'active', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: fortinet

Published: 2019-06-04T20:18:08

Updated: 2024-10-23T13:32:35.204Z

Reserved: 2018-07-06T00:00:00

Link: CVE-2018-13379

cve-icon Vulnrichment

Updated: 2024-08-05T09:00:35.028Z

cve-icon NVD

Status : Analyzed

Published: 2019-06-04T21:29:00.233

Modified: 2024-10-24T13:58:45.053

Link: CVE-2018-13379

cve-icon Redhat

No data.