Details of VAR-201906-0815

ID

VAR-201906-0815

CVE

CVE-2018-13379

TITLE

Fortinet FortiOS Path traversal vulnerability

Trust: 1.4

sources: JVNDB: JVNDB-2018-015565 // CNNVD: CNNVD-201905-1026

DESCRIPTION

An Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to download system files via special crafted HTTP resource requests. Fortinet FortiOS Contains a path traversal vulnerability.Information may be obtained. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Fortinet FortiOS is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue using directory-traversal characters ('../') to access or read arbitrary files that contain sensitive information or to access files outside of the restricted directory to obtain sensitive information. Fortinet FortiOS 5.6.3 through 5.6.7 and 6.0.0 through 6.0.4 are vulnerable. Fortinet FortiOS is a set of security operating system dedicated to the FortiGate network security platform developed by Fortinet. The system provides users with various security functions such as firewall, anti-virus, IPSec/SSLVPN, Web content filtering and anti-spam. A path traversal vulnerability exists in the SSL VPN web portal in Fortinet FortiOS versions 5.6.3 through 5.6.7 and 6.0.0 through 6.0.4. The vulnerability stems from a network system or product that fails to properly filter resources or special elements in file paths

Trust: 2.61

sources: NVD: CVE-2018-13379 // JVNDB: JVNDB-2018-015565 // CNNVD: CNNVD-202104-975 // BID: 108693 // VULHUB: VHN-123432 // VULMON: CVE-2018-13379

AFFECTED PRODUCTS

vendor:	fortinet	model:	fortios	scope:	lt	version:	6.0.5	Trust: 1.0
vendor:	fortinet	model:	fortiproxy	scope:	lt	version:	1.2.9	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	lt	version:	5.4.13	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	gte	version:	5.6.3	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	lt	version:	5.6.8	Trust: 1.0
vendor:	fortinet	model:	fortiproxy	scope:	eq	version:	2.0.0	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	gte	version:	6.0.0	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	gte	version:	5.4.6	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.6.3 to 5.6.7	Trust: 0.8
vendor:	fortinet	model:	fortios	scope:	eq	version:	6.0.0 to 6.0.4	Trust: 0.8
vendor:	fortinet	model:	fortios	scope:	eq	version:	6.0.4	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	6.0.3	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	6.0.2	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	6.0.1	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	6.0	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.6.7	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.6.6	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.6.5	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.6.4	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	eq	version:	5.6.3	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	ne	version:	6.2	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	ne	version:	6.0.5	Trust: 0.3
vendor:	fortinet	model:	fortios	scope:	ne	version:	5.6.8	Trust: 0.3

sources: BID: 108693 // JVNDB: JVNDB-2018-015565 // NVD: CVE-2018-13379

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-13379
value:	CRITICAL
Trust: 1.0
psirt@fortinet.com:	CVE-2018-13379
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2018-13379
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201905-1026
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-123432
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2018-13379
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-13379
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-123432
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-13379
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
psirt@fortinet.com:	CVE-2018-13379
baseSeverity:	CRITICAL
baseScore:	9.1
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.2
version:	3.1
Trust: 1.0
NVD:	CVE-2018-13379
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-123432 // VULMON: CVE-2018-13379 // JVNDB: JVNDB-2018-015565 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-201905-1026 // NVD: CVE-2018-13379 // NVD: CVE-2018-13379

PROBLEMTYPE DATA

problemtype:

CWE-22

Trust: 1.9

sources: VULHUB: VHN-123432 // JVNDB: JVNDB-2018-015565 // NVD: CVE-2018-13379

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201905-1026

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-015565

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-123432 // VULMON: CVE-2018-13379

PATCH

title:	FG-IR-18-384	url:	https://fortiguard.com/psirt/FG-IR-18-384	Trust: 0.8
title:	Fortinet FortiOS Repair measures for path traversal vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92978	Trust: 0.6
title:	forti	url:	https://github.com/nescam123/forti	Trust: 0.1
title:	CVE-2018-13379-FortinetVPN	url:	https://github.com/mandr4x/CVE-2018-13379-FortinetVPN	Trust: 0.1
title:	Fortigate	url:	https://github.com/7Elements/Fortigate	Trust: 0.1
title:	CVE-2018-13379	url:	https://github.com/B1anda0/CVE-2018-13379	Trust: 0.1

sources: VULMON: CVE-2018-13379 // JVNDB: JVNDB-2018-015565 // CNNVD: CNNVD-201905-1026

EXTERNAL IDS

db:	NVD	id:	CVE-2018-13379	Trust: 2.9
db:	BID	id:	108693	Trust: 0.9
db:	JVNDB	id:	JVNDB-2018-015565	Trust: 0.8
db:	PACKETSTORM	id:	154146	Trust: 0.7
db:	PACKETSTORM	id:	154147	Trust: 0.7
db:	CNNVD	id:	CNNVD-201905-1026	Trust: 0.7
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	CS-HELP	id:	SB2021060121	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.1889	Trust: 0.6
db:	EXPLOIT-DB	id:	47288	Trust: 0.6
db:	CNVD	id:	CNVD-2020-68839	Trust: 0.1
db:	SEEBUG	id:	SSVID-99091	Trust: 0.1
db:	SEEBUG	id:	SSVID-99092	Trust: 0.1
db:	VULHUB	id:	VHN-123432	Trust: 0.1
db:	VULMON	id:	CVE-2018-13379	Trust: 0.1

sources: VULHUB: VHN-123432 // VULMON: CVE-2018-13379 // BID: 108693 // JVNDB: JVNDB-2018-015565 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-201905-1026 // NVD: CVE-2018-13379

REFERENCES

url:	https://fortiguard.com/advisory/fg-ir-18-384	Trust: 1.7
url:	https://www.fortiguard.com/psirt/fg-ir-20-233	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2018-13379	Trust: 1.4
url:	https://packetstormsecurity.com/files/154147/fortios-5.6.7-6.0.4-credential-disclosure.html	Trust: 1.2
url:	https://www.securityfocus.com/bid/108693	Trust: 1.2
url:	https://www.fortinet.com/products/fortigate/fortios.html	Trust: 0.9
url:	https://fortiguard.com/psirt/fg-ir-18-384	Trust: 0.9
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-13379	Trust: 0.8
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://i.blackhat.com/usa-19/wednesday/us-19-tsai-infiltrating-corporate-intranet-like-nsa.pdf	Trust: 0.6
url:	https://github.com/blacklotuslabs/development/blob/master/mitigations/cve/cve-2018-13379/cve-2018-13379%20-%20summary%20%26%20emergency%20mitigations.pdf	Trust: 0.6
url:	https://devco.re/blog/2019/08/09/attacking-ssl-vpn-part-2-breaking-the-fortigate-ssl-vpn/	Trust: 0.6
url:	https://packetstormsecurity.com/files/154146/fortios-5.6.7-6.0.4-credential-disclosure.html	Trust: 0.6
url:	https://vigilance.fr/vulnerability/fortios-directory-traversal-via-ssl-vpn-29414	Trust: 0.6
url:	https://www.exploit-db.com/exploits/47288	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021060121	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.1889	Trust: 0.6

sources: VULHUB: VHN-123432 // BID: 108693 // JVNDB: JVNDB-2018-015565 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-201905-1026 // NVD: CVE-2018-13379

CREDITS

Carlos E. Vieira,Meh Chang and Orange Tsai from DEVCORE Security Research Team.

Trust: 0.6

sources: CNNVD: CNNVD-201905-1026

SOURCES

db:	VULHUB	id:	VHN-123432
db:	VULMON	id:	CVE-2018-13379
db:	BID	id:	108693
db:	JVNDB	id:	JVNDB-2018-015565
db:	CNNVD	id:	CNNVD-202104-975
db:	CNNVD	id:	CNNVD-201905-1026
db:	NVD	id:	CVE-2018-13379

LAST UPDATE DATE

2024-11-23T19:59:02.016000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-123432	date:	2020-01-22T00:00:00
db:	VULMON	id:	CVE-2018-13379	date:	2021-06-03T00:00:00
db:	BID	id:	108693	date:	2019-05-24T00:00:00
db:	JVNDB	id:	JVNDB-2018-015565	date:	2019-06-17T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	CNNVD	id:	CNNVD-201905-1026	date:	2021-06-04T00:00:00
db:	NVD	id:	CVE-2018-13379	date:	2024-11-21T03:46:59.250

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-123432	date:	2019-06-04T00:00:00
db:	VULMON	id:	CVE-2018-13379	date:	2019-06-04T00:00:00
db:	BID	id:	108693	date:	2019-05-24T00:00:00
db:	JVNDB	id:	JVNDB-2018-015565	date:	2019-06-17T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	CNNVD	id:	CNNVD-201905-1026	date:	2019-05-27T00:00:00
db:	NVD	id:	CVE-2018-13379	date:	2019-06-04T21:29:00.233