Detections
Analytics

CVE-2018-13379

critical

Description

An Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to download system files via special crafted HTTP resource requests.

References

https://www.databreachtoday.com/attackers-target-zero-day-flaw-in-fortinet-security-software-a-31344

https://storage.ghost.io/c/af/a0/afa04ee3-414f-4481-8d23-7e7c146f192e/content/files/2026/03/2025YiR-report.pdf

https://www.sophos.com/en-us/blog/initial-access-techniques-used-by-iran-based-threat-actors

https://securityaffairs.com/186117/security/five-year-old-fortinet-fortios-ssl-vpn-flaw-actively-exploited.html

https://www.theregister.com/2025/06/04/play_ransomware_infects_900_victims/

https://www.securityweek.com/cisa-fbi-warn-of-china-linked-ghost-ransomware-attacks/

https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-050a

https://www.bleepingcomputer.com/news/security/cisa-and-fbi-ghost-ransomware-breached-orgs-in-70-countries/

https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-317a

https://www.ic3.gov/Media/News/2024/241010.pdf

https://blog.talosintelligence.com/common-ransomware-actor-ttps-playbooks/

https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-352a

https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-215a

https://www.tenable.com/cyber-exposure/tenable-2022-threat-landscape-report

https://www.darkreading.com/vulnerabilities-threats/everything-you-need-to-know-about-lockbit

https://www.tenable.com/cyber-exposure/a-look-inside-the-ransomware-ecosystem

https://www.cisa.gov/news-events/cybersecurity-advisories/aa22-117a

https://www.tenable.com/cyber-exposure/2021-threat-landscape-retrospective

https://www.cisa.gov/sites/default/files/publications/AA21-321A-Iranian%20Government-Sponsored%20APT%20Actors%20Exploiting%20Microsoft%20Exchange%20and%20Fortinet%20Vulnerabilities.pdf

https://web.archive.org/web/20211025233339/https://twitter.com/pancak3lullz/status/1452679527197560837

https://www.cisa.gov/news-events/cybersecurity-advisories/aa21-209a

https://cisomag.com/cring-ransomware-targets-unpatched-vulnerabilities-in-fortinet-vpns/

https://www.ic3.gov/Media/News/2021/210402.pdf

https://www.cisa.gov/news-events/cybersecurity-advisories/aa20-296a

https://www.trendmicro.com/vinfo/us/security/news/ransomware-spotlight/ransomware-spotlight-play

https://thedfirreport.com/2022/03/21/apt35-automates-initial-access-using-proxyshell

https://www.cybereason.com/blog/research/powerless-trojan-iranian-apt-phosphorus-adds-new-powershell-backdoor-for-espionage

https://research.checkpoint.com/2022/apt35-exploits-log4j-vulnerability-to-distribute-new-modular-powershell-toolkit/

https://www.microsoft.com/en-us/security/blog/2021/11/16/evolving-trends-in-iranian-threat-actor-activity-mstic-presentation-at-cyberwarcon-2021

https://thedfirreport.com/2021/11/15/exchange-exploit-leads-to-domain-wide-ransomware/

https://www.ncsc.gov.uk/files/Advisory-further-TTPs-associated-with-SVR-cyber-actors.pdf

https://assets.sentinelone.com/sentinellabs/evol-agrius

https://www.cisa.gov/uscert/ncas/alerts/aa20-296a#revisions

https://www.ncsc.gov.uk/files/Advisory-APT29-targets-COVID-19-vaccine-development-V1-1.pdf

https://www.tenable.com/blog/frequently-asked-questions-about-iranian-cyber-operations

https://www.tenable.com/blog/cve-2024-55591-fortinet-authentication-bypass-zero-day-vulnerability-exploited-in-the-wild

https://www.tenable.com/blog/aa23-215a-2022s-top-routinely-exploited-vulnerabilities

https://www.tenable.com/blog/aa22-257a-cybersecurity-joint-advisory-on-iranian-islamic-revolutionary-guard-ransomware

https://www.tenable.com/blog/contileaks-chats-reveal-over-30-vulnerabilities-used-by-conti-ransomware-affiliates

https://www.tenable.com/blog/government-advisories-warn-of-apt-activity-resulting-from-russian-invasion-of-ukraine

https://www.tenable.com/blog/hold-the-door-why-organizations-need-to-prioritize-patching-ssl-vpns

https://www.tenable.com/blog/one-year-later-what-can-we-learn-from-zerologon

https://www.tenable.com/blog/cve-2018-13379-cve-2019-5591-cve-2020-12812-fortinet-vulnerabilities-targeted-by-apt-actors

https://www.tenable.com/blog/healthcare-security-ransomware-plays-a-prominent-role-in-covid-19-era-breaches

https://www.tenable.com/blog/government-agencies-warn-of-state-sponsored-actors-exploiting-publicly-known-vulnerabilities

https://www.tenable.com/blog/cve-2020-5135-critical-sonicwall-vpn-portal-stack-based-buffer-overflow-vulnerability

https://www.tenable.com/blog/cve-2020-2021-palo-alto-networks-pan-os-vulnerable-to-critical-authentication-bypass

https://www.tenable.com/blog/how-covid-19-response-is-expanding-the-cyberattack-surface

https://www.fortiguard.com/psirt/FG-IR-20-233

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-13379

https://fortiguard.com/advisory/FG-IR-18-384

Details

Source: Mitre, NVD

Published: 2019-06-04

Updated: 2025-10-24

Known Exploited Vulnerability (KEV)

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 9.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.94473