CVE-2018-13379: Fortinet FortiOS SSL VPN Path Traversal Vulnerability.
Fortinet FortiOS SSL VPN Path Traversal Vulnerability. Fortinet FortiOS SSL VPN web portal contains a path traversal vulnerability that may allow an unauthenticated attacker to download FortiOS system files through specially crafted HTTP resource requests.
- CISA KEV-listed (remediation due 2022-05-03)
- used in ransomware campaigns
- EPSS 94.5% (100.0% percentile)
Detection rules
- Fortinet CVE-2018-13379 Exploitation critical