HTTP: Fortinet FortiOS SSL VPN Unauthenticated Arbitrary File Read

This signature detects attempts to exploit a known vulnerability against Fortinet FortiOS. A successful attack can lead to directory traversal and arbitrary code execution.

Extended Description

An Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to download system files via specially crafted HTTP resource requests.

Affected Products

Fortinet fortiproxy

References

BugTraq: 108693

CVE: CVE-2018-13379

Short Name
HTTP:DIR:FORTIOS-SSLVPN-ARBREAD
Severity
Minor
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
Arbitrary CVE-2018-13379 File FortiOS Fortinet Read SSL Unauthenticated VPN bid:108693
Release Date
12/10/2020
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3727
False Positive
Unknown
Vendors

Fortinet

CVSS Score

5.0
