External risk intelligence

Fortinet SSL VPN Path Traversal Vulnerability.

CVE advisoryKnown Exploit

CVE-2018-13379

An improper limitation in Fortinet SSL VPN web portals allows unauthenticated attackers to download system files. This could lead to unauthorized access to sensitive data and pose a business risk. Organizations should identify exposed assets and apply vendor fixes.

5Halo Surface Signal

Path Traversal

Fortinet Fortiproxy

before 1.2.92.0.05.4.6 to before 5.4.135.6.3 to before 5.6.86.0.0 to before 6.0.5

External exposure likelihood

Halo Surface Signal score for CVE-2018-13379

The vulnerability affects the SSL VPN web portal of Fortinet appliances. SSL VPNs are designed to be public-facing edge gateways, providing remote access to internal networks. This service is intended to be reachable from the internet in normal, common deployment scenarios.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Horizon Alert

Summary of the vulnerability and why it matters

An issue within the SSL VPN web portal of Fortinet products allows an attacker to access system files. This flaw stems from an improper limitation in how the system handles file path requests. Such a vulnerability could enable unauthorized access to sensitive organizational data.

  • Vulnerable SSL VPN web portal
  • Path traversal flaw
  • Sensitive data access impact

Attack Path

How an attacker could exploit the issue

The identified vulnerability allows an unauthenticated attacker to access and download system files. This is achieved by sending specially crafted HTTP requests to the SSL VPN web portal. The attacker exploits a path traversal flaw to navigate the system and retrieve sensitive files.

  • External access to SSL VPN portal.
  • Attacker sends crafted HTTP requests.
  • Attacker downloads system files.

Live Threat

Current exploitation, exposure, and threat context

The analyzed vulnerability allows an unauthenticated attacker to download sensitive system files from affected Fortinet devices by exploiting a path traversal flaw in the SSL VPN web portal. This could lead to the exposure of user credentials and potentially grant attackers access to internal networks. As this vulnerability has been actively exploited and is associated with ransomware attacks, it poses a significant risk to organizations.

  • Low skill, automated tools
  • Publicly exposed SSL VPN
  • High business risk, urgent action needed

Priority actions

Operational Fix

Recommended remediation, mitigation, and detection steps

An authenticated attacker may exploit a path traversal vulnerability in Fortinet SSL VPN web portals to download system files. The business impact can include unauthorized access to sensitive system information, potentially leading to further compromise. The exploitability is high due to the ease of access via specially crafted HTTP requests.

  • Identify exposed Fortinet SSL VPN assets.
  • Reduce exposure or isolate affected systems.
  • Apply vendor fixes and verify.
  • Monitor for related activity.

Frequently asked questions

What is Fortinet FortiOS and FortiProxy?

FortiOS is the operating system for FortiGate firewalls, and FortiProxy is a secure web gateway appliance. These products are used by organizations to secure their networks, manage internet access, and provide VPN services for remote users.

What is CVE-2018-13379 and what kind of weakness is it?

CVE-2018-13379 is a critical vulnerability found in Fortinet's SSL VPN web portal. It's classified as a "Path Traversal" weakness (CWE-22), meaning an attacker can manipulate requests to access files and directories outside of their intended scope.

How can an attacker exploit this vulnerability?

An unauthenticated attacker can exploit this by sending specially crafted HTTP requests to the SSL VPN web portal. This bypasses normal access controls, allowing the attacker to download sensitive system files without needing any credentials.

Who should be concerned about this vulnerability based on its exposure?

Organizations using Fortinet FortiOS or FortiProxy with an SSL VPN web portal that is accessible from the internet should be concerned. This is because the vulnerability is exposed externally, making it a potential entry point for attackers.

What should I do if I'm running this technology?

First, identify if your organization uses the affected versions of FortiOS or FortiProxy. If so, prioritize applying the necessary updates or patches provided by Fortinet to mitigate this risk.

References

Sources and related resources

Primary sources: NVD, CVE.org, CISA KEV.

NVDPublished Modified