Fortigate SSL VPN Arbitrary File reading (CVE-2018-13379)

Summary

Acunetix 360 detected Fortigate SSL VPN Arbitrary File reading (CVE-2018-13379)

A directory traversal vulnerability exists on Fortigate SSL VPN. An attacker can craft a request that accesses potentially sensitive information in the Fortigate's filesystem.

Impact

An attacker could exploit this vulnerability to gain unauthorized read access to sensitive files including users VPN credentials.

Remediation

Upgrade to the latest version of FortiOS

Severity

High

Classification

CWE-22 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N