
CVE-2018-13379

Critical · CVSS 9.1 · EPSS 100.0% · CISA KEV · CWE-22 · Path Traversal

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

An Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to download system files via specially crafted HTTP resource requests.

Published

Community ground truth

Community verdict

2 verdicts
Not a real issue

Includes TruePositive's curated baseline from public sources — community verdicts accrue on top.


Community real-world severity: High (High 2) — CVSS base score 9.1

Practitioners rate this lower than its CVSS — likely over-rated by the score.

Field notes & remediation

Verdicts are the quick signal — notes are the evidence and fixes behind them.

  • 0
    Field note · Priya Nair · Curated

    Pre-auth path traversal that leaks SSL-VPN session files including plaintext creds. Years later attackers were still dumping and reselling cred lists from unpatched FortiGates. The gift that keeps giving.

  • 0
    Remediation · Diego Ramírez · Curated

    Patch FortiOS and reset all VPN user credentials — leaked creds remain valid after patching. Enable MFA on the VPN.