NVD disclosure day

Published threat advisories for June 4, 2019

CVE advisoryKnown Exploit

CVE-2018-13382

Fortinet SSL VPN Password Modification Vulnerability

Halo Surface Signal: 5 out of 5 — more likely to be public-facing.

An improper authorization vulnerability in Fortinet SSL VPN web portals allows an unauthenticated attacker to change user passwords. This could lead to unauthorized access to an organization's network and data. The business risk is high, as this vulnerability has been exploited in the wild and is associated with ransom

NVD published: • CISA KEV
CVE advisoryKnown Exploit

CVE-2018-13379

Fortinet SSL VPN Path Traversal Vulnerability.

Halo Surface Signal: 5 out of 5 — more likely to be public-facing.

An improper limitation in Fortinet SSL VPN web portals allows unauthenticated attackers to download system files. This could lead to unauthorized access to sensitive data and pose a business risk. Organizations should identify exposed assets and apply vendor fixes.

NVD published: • CISA KEV