A path traversal vulnerability in the FortiOS SSL VPN web portal may allow an unauthenticated attacker to download FortiOS system files through specially crafted HTTP resource requests.

CPENameOperatorVersion
fortioseq6.0.4
fortioseq6.0.3
fortioseq6.0.2
fortioseq6.0.1
fortioseq6.0.0
fortioseq5.6.7
fortioseq5.6.6
fortioseq5.6.5
fortioseq5.6.4
fortioseq5.6.3

Name	Operator	Version
fortios	eq	6.0.4
fortios	eq	6.0.3
fortios	eq	6.0.2
fortios	eq	6.0.1
fortios	eq	6.0.0
fortios	eq	5.6.7
fortios	eq	5.6.6
fortios	eq	5.6.5
fortios	eq	5.6.4
fortios	eq	5.6.3

Rows per page:

1-10 of 171

prion 1

mmpc 4

zdt 2

packetstorm 2

threatpost 10

thn 22

exploitpack 2

nessus 3

dsquare 1

fortinet 1

mssecure 4

kitploit 1

cve 1

malwarebytes 4

checkpoint_advisories 1

nuclei 1

cisa_kev 1

exploitdb 2

attackerkb 3

rapid7blog 3

hivepro 3

ics 11

cisa 2

securelist 1

qualysblog 6

talosblog 1

prion

Path traversal

2019-06-04 21:29:00

mmpc

Exposing POLONIUM activity and infrastructure targeting Israeli organizations

2022-06-02 16:00:00

Evolving trends in Iranian threat actor activity – MSTIC presentation at CyberWarCon 2021

2021-11-16 16:00:08

Profiling DEV-0270: PHOSPHORUS’ ransomware operations

2022-09-07 21:00:00

zdt

FortiOS 5.6.3 - 5.6.7 / FortiOS 6.0.0 - 6.0.4 - Credentials Disclosure Exploit (2)

2019-08-19 00:00:00

FortiOS 5.6.3 - 5.6.7 / FortiOS 6.0.0 - 6.0.4 - Credentials Disclosure Exploit

2019-08-19 00:00:00

packetstorm

FortiOS 5.6.7 / 6.0.4 Credential Disclosure

2019-08-19 00:00:00

FortiOS 5.6.7 / 6.0.4 Credential Disclosure

2019-08-19 00:00:00

threatpost

Thousands of Fortinet VPN Account Credentials Leaked

2021-09-09 22:49:27

Hackers Exploit Fortinet Flaw in Sophisticated Cring Ransomware Attacks

2021-04-08 14:00:32

Accenture Confirms LockBit Ransomware Attack

2021-08-11 21:56:00

thn

CISA Urges Manufacturers Eliminate Default Passwords to Thwart Cyber Threats

2023-12-18 05:41:00

Hackers Exploit Unpatched VPNs to Install Ransomware on Industrial Targets

2021-04-08 13:12:00

Data Wiper Malware Disguised As Ransomware Targets Israeli Entities

2021-05-26 15:30:00

exploitpack

FortiOS 5.6.3 - 5.6.7 FortiOS 6.0.0 - 6.0.4 - Credentials Disclosure (Metasploit)

2019-08-19 00:00:00

FortiOS 5.6.3 - 5.6.7 FortiOS 6.0.0 - 6.0.4 - Credentials Disclosure

2019-08-19 00:00:00

nessus

Fortinet FortiOS (Mac OS X) 5.4.6 <= 5.4.12 / 5.6.3 < 5.6.8 / 6.0.x < 6.0.5 SSL VPN Directory Traversal (FG-IR-18-384) (deprecated)

2019-06-14 00:00:00

Fortinet FortiOS 5.4.6 <= 5.4.12 / 5.6.3 < 5.6.8 / 6.0.x < 6.0.5 SSL VPN Directory Traversal (FG-IR-18-384)

2019-06-14 00:00:00

Fortinet FortiOS SSL VPN Directory Traversal Vulnerability (FG-IR-18-384) (Direct Check)

2019-09-06 00:00:00

dsquare

Fortinet FortiGate SSL VPN File Disclosure

2019-08-17 00:00:00

fortinet

FortiProxy - system file leak through SSL VPN special crafted HTTP resource requests

2021-06-01 00:00:00

mssecure

Exposing POLONIUM activity and infrastructure targeting Israeli organizations

2022-06-02 16:00:00

Evolving trends in Iranian threat actor activity – MSTIC presentation at CyberWarCon 2021

2021-11-16 16:00:08

Profiling DEV-0270: PHOSPHORUS’ ransomware operations

2022-09-07 21:00:00

kitploit

Fortiscan - A High Performance FortiGate SSL-VPN Vulnerability Scanning And Exploitation Tool

2020-11-30 11:30:00

cve

CVE-2018-13379

2019-06-04 21:29:00

malwarebytes

500,000 Fortinet VPN credentials exposed: Turn off, patch, reset passwords

2021-09-09 15:37:43

Atomic research institute breached via VPN vulnerability

2021-06-21 13:53:03

Patch now! NSA, CISA, and FBI warn of Russian intelligence exploiting 5 vulnerabilities

2021-04-16 14:59:38

checkpoint_advisories

Fortinet FortiOS SSL VPN Directory Traversal (CVE-2018-13379)

2019-10-17 00:00:00

nuclei

Fortinet FortiOS - Credentials Disclosure

2020-04-22 06:42:01

cisa_kev

Fortinet FortiOS SSL VPN Path Traversal Vulnerability

2021-11-03 00:00:00

exploitdb

Fortinet FortiOS 5.6.3 - 5.6.7 / FortiOS 6.0.0 - 6.0.4 - Credentials Disclosure

2019-08-19 00:00:00

Fortinet FortiOS 5.6.3 - 5.6.7 / FortiOS 6.0.0 - 6.0.4 - Credentials Disclosure (Metasploit)

2019-08-19 00:00:00

attackerkb

CVE-2020-12812

2020-07-24 00:00:00

CVE-2018-13379 Path Traversal in Fortinet FortiOS

2019-06-04 00:00:00

CVE-2019-5591

2020-08-14 00:00:00

rapid7blog

Metasploit Wrap-Up

2021-03-05 17:20:43

CVE-2022-40684: Remote Authentication Bypass Vulnerability in Fortinet Firewalls, Web Proxies

2022-10-07 16:24:42

Attackers Targeting Fortinet Devices and SAP Applications

2021-04-08 17:18:07

hivepro

LockBit 2.0 Ransomware affiliates targeting Renowned Organizations

2022-03-15 10:07:18

Russian state-sponsored cyber actors targeting U.S. critical infrastructure

2022-02-18 12:20:35

Weekly Threat Digest: 14 – 20 March 2022

2022-03-23 04:17:40

ics

Russian State-Sponsored Cyber Actors Target Cleared Defense Contractor Networks to Obtain Sensitive U.S. Defense Information and Technology

2022-02-16 12:00:00

#StopRansomware: Play Ransomware

2023-12-18 12:00:00

Iranian Government-Sponsored APT Cyber Actors Exploiting Microsoft Exchange and Fortinet Vulnerabilities in Furtherance of Malicious Activities

2021-11-19 12:00:00

cisa

FBI-CISA Joint Advisory on Exploitation of Fortinet FortiOS Vulnerabilities

2021-04-02 00:00:00

NSA-CISA-FBI Joint Advisory on Russian SVR Targeting U.S. and Allied Networks

2021-04-15 00:00:00

securelist

Cyberthreats to financial organizations in 2022

2021-11-23 10:00:13

qualysblog

Qualys Tackles 2022’s Top Routinely Exploited Cyber Vulnerabilities

2023-08-24 19:07:05

CISA Alert: Top 15 Routinely Exploited Vulnerabilities

2022-05-06 12:19:24

Solorigate/Sunburst : Theft of Cybersecurity Tools | FireEye Breach

2020-12-10 00:48:29

talosblog

Microsoft patches 12 critical vulnerabilities, nine of which are in Layer 2 Tunneling Protocol

2023-10-11 11:48:18

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.973 High

EPSS

Percentile

99.9%

JSON

Related for FG-IR-18-384