var-201906-0815
Vulnerability from variot

An Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to download system files via special crafted HTTP resource requests. Fortinet FortiOS Contains a path traversal vulnerability.Information may be obtained. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Fortinet FortiOS is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue using directory-traversal characters ('../') to access or read arbitrary files that contain sensitive information or to access files outside of the restricted directory to obtain sensitive information. Fortinet FortiOS 5.6.3 through 5.6.7 and 6.0.0 through 6.0.4 are vulnerable. Fortinet FortiOS is a set of security operating system dedicated to the FortiGate network security platform developed by Fortinet. The system provides users with various security functions such as firewall, anti-virus, IPSec/SSLVPN, Web content filtering and anti-spam. A path traversal vulnerability exists in the SSL VPN web portal in Fortinet FortiOS versions 5.6.3 through 5.6.7 and 6.0.0 through 6.0.4. The vulnerability stems from a network system or product that fails to properly filter resources or special elements in file paths

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201906-0815",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "fortios",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.0.0"
      },
      {
        "model": "fortios",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "5.6.7"
      },
      {
        "model": "fortios",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.0.4"
      },
      {
        "model": "fortios",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "5.6.3"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fortinet",
        "version": "5.6.3 to  5.6.7"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fortinet",
        "version": "6.0.0 to  6.0.4"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "6.0.4"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "6.0.3"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "6.0.2"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "6.0.1"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "6.0"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.6.7"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.6.6"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.6.5"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.6.4"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.6.3"
      },
      {
        "model": "fortios",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "6.2"
      },
      {
        "model": "fortios",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "6.0.5"
      },
      {
        "model": "fortios",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.6.8"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "108693"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015565"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-13379"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.0.4",
                "versionStartIncluding": "6.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.6.7",
                "versionStartIncluding": "5.6.3",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-13379"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Carlos E. Vieira,Meh Chang and Orange Tsai from DEVCORE Security Research Team.",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-1026"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2018-13379",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.0,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2018-13379",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-123432",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "psirt@fortinet.com",
            "availabilityImpact": "HIGH",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 5.2,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2018-13379",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2018-13379",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "psirt@fortinet.com",
            "id": "CVE-2018-13379",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "NVD",
            "id": "CVE-2018-13379",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202104-975",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201905-1026",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-123432",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2018-13379",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-123432"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-13379"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015565"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-13379"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-13379"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-1026"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An Improper Limitation of a Pathname to a Restricted Directory (\"Path Traversal\") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to download system files via special crafted HTTP resource requests. Fortinet FortiOS Contains a path traversal vulnerability.Information may be obtained. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Fortinet FortiOS is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input. \nAn attacker can exploit this issue using directory-traversal characters  (\u0027../\u0027) to access or read arbitrary files that contain sensitive information or to access files outside of the restricted directory to obtain sensitive information. \nFortinet FortiOS 5.6.3 through 5.6.7 and 6.0.0 through 6.0.4 are vulnerable. Fortinet FortiOS is a set of security operating system dedicated to the FortiGate network security platform developed by Fortinet. The system provides users with various security functions such as firewall, anti-virus, IPSec/SSLVPN, Web content filtering and anti-spam. A path traversal vulnerability exists in the SSL VPN web portal in Fortinet FortiOS versions 5.6.3 through 5.6.7 and 6.0.0 through 6.0.4. The vulnerability stems from a network system or product that fails to properly filter resources or special elements in file paths",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-13379"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015565"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "BID",
        "id": "108693"
      },
      {
        "db": "VULHUB",
        "id": "VHN-123432"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-13379"
      }
    ],
    "trust": 2.61
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=47288",
        "trust": 0.2,
        "type": "exploit"
      },
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-123432",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-123432"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-13379"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-13379",
        "trust": 2.9
      },
      {
        "db": "BID",
        "id": "108693",
        "trust": 0.9
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015565",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "154146",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "154147",
        "trust": 0.7
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-1026",
        "trust": 0.7
      },
      {
        "db": "CS-HELP",
        "id": "SB2021041363",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021060121",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.1889",
        "trust": 0.6
      },
      {
        "db": "EXPLOIT-DB",
        "id": "47288",
        "trust": 0.6
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-68839",
        "trust": 0.1
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-99091",
        "trust": 0.1
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-99092",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-123432",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-13379",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-123432"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-13379"
      },
      {
        "db": "BID",
        "id": "108693"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015565"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-13379"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-1026"
      }
    ]
  },
  "id": "VAR-201906-0815",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-123432"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T10:44:26.944000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "FG-IR-18-384",
        "trust": 0.8,
        "url": "https://fortiguard.com/psirt/fg-ir-18-384"
      },
      {
        "title": "Fortinet FortiOS Repair measures for path traversal vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=92978"
      },
      {
        "title": "forti",
        "trust": 0.1,
        "url": "https://github.com/nescam123/forti "
      },
      {
        "title": "CVE-2018-13379-FortinetVPN",
        "trust": 0.1,
        "url": "https://github.com/mandr4x/cve-2018-13379-fortinetvpn "
      },
      {
        "title": "Fortigate",
        "trust": 0.1,
        "url": "https://github.com/7elements/fortigate "
      },
      {
        "title": "CVE-2018-13379",
        "trust": 0.1,
        "url": "https://github.com/b1anda0/cve-2018-13379 "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2018-13379"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015565"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-1026"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-22",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-123432"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015565"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-13379"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://fortiguard.com/advisory/fg-ir-18-384"
      },
      {
        "trust": 1.7,
        "url": "https://www.fortiguard.com/psirt/fg-ir-20-233"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-13379"
      },
      {
        "trust": 1.2,
        "url": "https://packetstormsecurity.com/files/154147/fortios-5.6.7-6.0.4-credential-disclosure.html"
      },
      {
        "trust": 1.2,
        "url": "https://www.securityfocus.com/bid/108693"
      },
      {
        "trust": 0.9,
        "url": "https://www.fortinet.com/products/fortigate/fortios.html"
      },
      {
        "trust": 0.9,
        "url": "https://fortiguard.com/psirt/fg-ir-18-384"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-13379"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
      },
      {
        "trust": 0.6,
        "url": "https://i.blackhat.com/usa-19/wednesday/us-19-tsai-infiltrating-corporate-intranet-like-nsa.pdf"
      },
      {
        "trust": 0.6,
        "url": "https://github.com/blacklotuslabs/development/blob/master/mitigations/cve/cve-2018-13379/cve-2018-13379%20-%20summary%20%26%20emergency%20mitigations.pdf"
      },
      {
        "trust": 0.6,
        "url": "https://devco.re/blog/2019/08/09/attacking-ssl-vpn-part-2-breaking-the-fortigate-ssl-vpn/"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/154146/fortios-5.6.7-6.0.4-credential-disclosure.html"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/fortios-directory-traversal-via-ssl-vpn-29414"
      },
      {
        "trust": 0.6,
        "url": "https://www.exploit-db.com/exploits/47288"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021060121"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.1889"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-123432"
      },
      {
        "db": "BID",
        "id": "108693"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015565"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-13379"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-1026"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-123432"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-13379"
      },
      {
        "db": "BID",
        "id": "108693"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015565"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-13379"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-1026"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-06-04T00:00:00",
        "db": "VULHUB",
        "id": "VHN-123432"
      },
      {
        "date": "2019-06-04T00:00:00",
        "db": "VULMON",
        "id": "CVE-2018-13379"
      },
      {
        "date": "2019-05-24T00:00:00",
        "db": "BID",
        "id": "108693"
      },
      {
        "date": "2019-06-17T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-015565"
      },
      {
        "date": "2019-06-04T21:29:00.233000",
        "db": "NVD",
        "id": "CVE-2018-13379"
      },
      {
        "date": "2021-04-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "date": "2019-05-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201905-1026"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-01-22T00:00:00",
        "db": "VULHUB",
        "id": "VHN-123432"
      },
      {
        "date": "2021-06-03T00:00:00",
        "db": "VULMON",
        "id": "CVE-2018-13379"
      },
      {
        "date": "2019-05-24T00:00:00",
        "db": "BID",
        "id": "108693"
      },
      {
        "date": "2019-06-17T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-015565"
      },
      {
        "date": "2021-06-03T11:15:08.307000",
        "db": "NVD",
        "id": "CVE-2018-13379"
      },
      {
        "date": "2021-04-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "date": "2021-06-04T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201905-1026"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-1026"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Fortinet FortiOS Path traversal vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015565"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-1026"
      }
    ],
    "trust": 1.4
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      }
    ],
    "trust": 0.6
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.