A path traversal vulnerability in the FortiProxy SSL VPN web portal may allow a non-authenticated, remote attacker to download FortiProxy system files through specially crafted HTTP resource requests.

CPENameOperatorVersion
fortiproxyeq2.0.0
fortiproxyeq1.2.8
fortiproxyeq1.2.7
fortiproxyeq1.2.6
fortiproxyeq1.2.5
fortiproxyeq1.2.4
fortiproxyeq1.2.3
fortiproxyeq1.2.2
fortiproxyeq1.2.1
fortiproxyeq1.2.0

Name	Operator	Version
fortiproxy	eq	2.0.0
fortiproxy	eq	1.2.8
fortiproxy	eq	1.2.7
fortiproxy	eq	1.2.6
fortiproxy	eq	1.2.5
fortiproxy	eq	1.2.4
fortiproxy	eq	1.2.3
fortiproxy	eq	1.2.2
fortiproxy	eq	1.2.1
fortiproxy	eq	1.2.0

Rows per page:

1-10 of 111

threatpost 10

fortinet 1

exploitpack 2

prion 1

packetstorm 2

zdt 2

mmpc 4

thn 22

dsquare 1

nessus 3

mssecure 4

kitploit 1

checkpoint_advisories 1

nuclei 1

cisa_kev 1

malwarebytes 4

cve 1

exploitdb 2

attackerkb 3

hivepro 3

rapid7blog 3

ics 11

cisa 2

securelist 1

qualysblog 6

talosblog 1

threatpost

Thousands of Fortinet VPN Account Credentials Leaked

2021-09-09 22:49:27

Hackers Exploit Fortinet Flaw in Sophisticated Cring Ransomware Attacks

2021-04-08 14:00:32

Accenture Confirms LockBit Ransomware Attack

2021-08-11 21:56:00

fortinet

Protect

2019-05-24 00:00:00

exploitpack

FortiOS 5.6.3 - 5.6.7 FortiOS 6.0.0 - 6.0.4 - Credentials Disclosure (Metasploit)

2019-08-19 00:00:00

FortiOS 5.6.3 - 5.6.7 FortiOS 6.0.0 - 6.0.4 - Credentials Disclosure

2019-08-19 00:00:00

prion

Path traversal

2019-06-04 21:29:00

packetstorm

FortiOS 5.6.7 / 6.0.4 Credential Disclosure

2019-08-19 00:00:00

FortiOS 5.6.7 / 6.0.4 Credential Disclosure

2019-08-19 00:00:00

zdt

FortiOS 5.6.3 - 5.6.7 / FortiOS 6.0.0 - 6.0.4 - Credentials Disclosure Exploit (2)

2019-08-19 00:00:00

FortiOS 5.6.3 - 5.6.7 / FortiOS 6.0.0 - 6.0.4 - Credentials Disclosure Exploit

2019-08-19 00:00:00

mmpc

Exposing POLONIUM activity and infrastructure targeting Israeli organizations

2022-06-02 16:00:00

Evolving trends in Iranian threat actor activity – MSTIC presentation at CyberWarCon 2021

2021-11-16 16:00:08

Profiling DEV-0270: PHOSPHORUS’ ransomware operations

2022-09-07 21:00:00

thn

CISA Urges Manufacturers Eliminate Default Passwords to Thwart Cyber Threats

2023-12-18 05:41:00

Hackers Exploit Unpatched VPNs to Install Ransomware on Industrial Targets

2021-04-08 13:12:00

Iranian Hackers Targeting VMware Horizon Log4j Flaws to Deploy Ransomware

2022-02-18 07:40:00

dsquare

Fortinet FortiGate SSL VPN File Disclosure

2019-08-17 00:00:00

nessus

Fortinet FortiOS (Mac OS X) 5.4.6 <= 5.4.12 / 5.6.3 < 5.6.8 / 6.0.x < 6.0.5 SSL VPN Directory Traversal (FG-IR-18-384) (deprecated)

2019-06-14 00:00:00

Fortinet FortiOS SSL VPN Directory Traversal Vulnerability (FG-IR-18-384) (Direct Check)

2019-09-06 00:00:00

Fortinet FortiOS 5.4.6 <= 5.4.12 / 5.6.3 < 5.6.8 / 6.0.x < 6.0.5 SSL VPN Directory Traversal (FG-IR-18-384)

2019-06-14 00:00:00

mssecure

Exposing POLONIUM activity and infrastructure targeting Israeli organizations

2022-06-02 16:00:00

Evolving trends in Iranian threat actor activity – MSTIC presentation at CyberWarCon 2021

2021-11-16 16:00:08

Profiling DEV-0270: PHOSPHORUS’ ransomware operations

2022-09-07 21:00:00

kitploit

Fortiscan - A High Performance FortiGate SSL-VPN Vulnerability Scanning And Exploitation Tool

2020-11-30 11:30:00

checkpoint_advisories

Fortinet FortiOS SSL VPN Directory Traversal (CVE-2018-13379)

2019-10-17 00:00:00

nuclei

Fortinet FortiOS - Credentials Disclosure

2020-04-22 06:42:01

cisa_kev

Fortinet FortiOS SSL VPN Path Traversal Vulnerability

2021-11-03 00:00:00

malwarebytes

500,000 Fortinet VPN credentials exposed: Turn off, patch, reset passwords

2021-09-09 15:37:43

Patch now! NSA, CISA, and FBI warn of Russian intelligence exploiting 5 vulnerabilities

2021-04-16 14:59:38

Atomic research institute breached via VPN vulnerability

2021-06-21 13:53:03

cve

CVE-2018-13379

2019-06-04 21:29:00

exploitdb

Fortinet FortiOS 5.6.3 - 5.6.7 / FortiOS 6.0.0 - 6.0.4 - Credentials Disclosure (Metasploit)

2019-08-19 00:00:00

Fortinet FortiOS 5.6.3 - 5.6.7 / FortiOS 6.0.0 - 6.0.4 - Credentials Disclosure

2019-08-19 00:00:00

attackerkb

CVE-2020-12812

2020-07-24 00:00:00

CVE-2018-13379 Path Traversal in Fortinet FortiOS

2019-06-04 00:00:00

CVE-2019-5591

2020-08-14 00:00:00

hivepro

LockBit 2.0 Ransomware affiliates targeting Renowned Organizations

2022-03-15 10:07:18

Russian state-sponsored cyber actors targeting U.S. critical infrastructure

2022-02-18 12:20:35

Weekly Threat Digest: 14 – 20 March 2022

2022-03-23 04:17:40

rapid7blog

Metasploit Wrap-Up

2021-03-05 17:20:43

CVE-2022-40684: Remote Authentication Bypass Vulnerability in Fortinet Firewalls, Web Proxies

2022-10-07 16:24:42

Attackers Targeting Fortinet Devices and SAP Applications

2021-04-08 17:18:07

ics

Russian State-Sponsored Cyber Actors Target Cleared Defense Contractor Networks to Obtain Sensitive U.S. Defense Information and Technology

2022-02-16 12:00:00

Iranian Government-Sponsored APT Cyber Actors Exploiting Microsoft Exchange and Fortinet Vulnerabilities in Furtherance of Malicious Activities

2021-11-19 12:00:00

#StopRansomware: Play Ransomware

2023-12-18 12:00:00

cisa

FBI-CISA Joint Advisory on Exploitation of Fortinet FortiOS Vulnerabilities

2021-04-02 00:00:00

NSA-CISA-FBI Joint Advisory on Russian SVR Targeting U.S. and Allied Networks

2021-04-15 00:00:00

securelist

Cyberthreats to financial organizations in 2022

2021-11-23 10:00:13

qualysblog

Qualys Tackles 2022’s Top Routinely Exploited Cyber Vulnerabilities

2023-08-24 19:07:05

CISA Alert: Top 15 Routinely Exploited Vulnerabilities

2022-05-06 12:19:24

Russia-Ukraine Crisis: How to Strengthen Your Security Posture to Protect against Cyber Attack, based on CISA Guidelines

2022-02-26 20:20:32

talosblog

Microsoft patches 12 critical vulnerabilities, nine of which are in Layer 2 Tunneling Protocol

2023-10-11 11:48:18

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.975 High

EPSS

Percentile

100.0%

JSON

Related for FG-IR-20-233