Detections
Analytics
CVE-2018-13379
critical
Description
An Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to download system files via special crafted HTTP resource requests.
From the Tenable Blog
CVE-2018-13379, CVE-2019-5591, CVE-2020-12812: Fortinet Vulnerabilities Targeted by APT Actors
Published: 2021-04-08
Threat actors and ransomware groups are actively targeting three legacy Fortinet vulnerabilities. Background On April 2, the Federal Bureau of Investigation (FBI) along with the Cybersecurity and Infrastructure Security Agency (CISA) issued a joint cybersecurity advisory regarding activity involving advanced persistent threat (APT) actors.
CVE-2018-13379, CVE-2019-11510: FortiGate and Pulse Connect Secure Vulnerabilities Exploited In the Wild
Published: 2019-08-27
Attackers are exploiting arbitrary file disclosure vulnerabilities in popular SSL VPNs from Fortinet and PulseSecure.
References
https://www.securityweek.com/cisa-fbi-warn-of-china-linked-ghost-ransomware-attacks/
https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-050a
https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-317a
https://www.ic3.gov/Media/News/2024/241010.pdf
https://blog.talosintelligence.com/common-ransomware-actor-ttps-playbooks/
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-352a
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-215a
https://www.tenable.com/cyber-exposure/tenable-2022-threat-landscape-report
https://www.darkreading.com/vulnerabilities-threats/everything-you-need-to-know-about-lockbit
https://www.tenable.com/cyber-exposure/a-look-inside-the-ransomware-ecosystem
https://www.cisa.gov/news-events/cybersecurity-advisories/aa22-117a
https://www.tenable.com/cyber-exposure/2021-threat-landscape-retrospective
https://www.cisa.gov/news-events/cybersecurity-advisories/aa21-209a
https://cisomag.com/cring-ransomware-targets-unpatched-vulnerabilities-in-fortinet-vpns/
https://www.ic3.gov/Media/News/2021/210402.pdf
https://www.cisa.gov/news-events/cybersecurity-advisories/aa20-296a
https://www.tenable.com/blog/aa23-215a-2022s-top-routinely-exploited-vulnerabilities
https://www.tenable.com/blog/hold-the-door-why-organizations-need-to-prioritize-patching-ssl-vpns
https://www.tenable.com/blog/one-year-later-what-can-we-learn-from-zerologon
https://www.tenable.com/blog/how-covid-19-response-is-expanding-the-cyberattack-surface