Commit CVE-2018-13379

Fortinet PSIRT Team 2021-06-02 15:42:53 +02:00
parent 83662755ef
commit 111296f2e5


@ -15,14 +15,11 @@
"product": {
"product_data": [
{
"product_name": "Fortinet FortiOS",
"product_name": "Fortinet FortiOS, FortiProxy",
"version": {
"version_data": [
{
"version_value": "FortiOS 6.0.0 to 6.0.4"
},
{
"version_value": "5.6.3 to 5.6.7"
"version_value": "FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12, FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7"
}
]
}
@ -33,6 +30,22 @@
]
}
},
"impact": {
"cvss": {
"attackComplexity": "Low",
"attackVector": "Network",
"availabilityImpact": "High",
"baseScore": 8.9,
"baseSeverity": "High",
"confidentialityImpact": "High",
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"userInteraction": "None",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
@ -53,34 +66,9 @@
"url": "https://fortiguard.com/advisory/FG-IR-18-384"
},
{
"refsource": "BID",
"name": "108693",
"url": "http://www.securityfocus.com/bid/108693"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/154146/FortiOS-5.6.7-6.0.4-Credential-Disclosure.html",
"url": "http://packetstormsecurity.com/files/154146/FortiOS-5.6.7-6.0.4-Credential-Disclosure.html"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/154147/FortiOS-5.6.7-6.0.4-Credential-Disclosure.html",
"url": "http://packetstormsecurity.com/files/154147/FortiOS-5.6.7-6.0.4-Credential-Disclosure.html"
},
{
"refsource": "MISC",
"name": "https://devco.re/blog/2019/08/09/attacking-ssl-vpn-part-2-breaking-the-Fortigate-ssl-vpn/",
"url": "https://devco.re/blog/2019/08/09/attacking-ssl-vpn-part-2-breaking-the-Fortigate-ssl-vpn/"
},
{
"refsource": "MISC",
"name": "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf",
"url": "https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf"
},
{
"refsource": "MISC",
"name": "https://github.com/blacklotuslabs/Development/blob/master/Mitigations/CVE/CVE-2018-13379/CVE-2018-13379%20-%20Summary%20%26%20Emergency%20Mitigations.pdf",
"url": "https://github.com/blacklotuslabs/Development/blob/master/Mitigations/CVE/CVE-2018-13379/CVE-2018-13379%20-%20Summary%20%26%20Emergency%20Mitigations.pdf"
"refsource": "CONFIRM",
"name": "https://www.fortiguard.com/psirt/FG-IR-20-233",
"url": "https://www.fortiguard.com/psirt/FG-IR-20-233"
}
]
},
@ -88,7 +76,7 @@
"description_data": [
{
"lang": "eng",
"value": "An Improper Limitation of a Pathname to a Restricted Directory (\"Path Traversal\") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 under SSL VPN web portal allows an unauthenticated attacker to download system files via special crafted HTTP resource requests."
"value": "An Improper Limitation of a Pathname to a Restricted Directory (\"Path Traversal\") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to download system files via special crafted HTTP resource requests."
}
]
}
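Review bot: The `"baseScore": 8.9` in the newly added `impact` block does not agree with its own `"vectorString"`: under the CVSS v3.1 base formula, `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H` scores 9.1 (Impact ≈ 5.18 plus Exploitability ≈ 3.89, rounded up), which would also move `"baseSeverity"` from `"High"` to `"Critical"`. Either the vector or the score should be corrected so that consumers who recompute from the vector get the published number; if 8.9 reflects a temporal or environmental adjustment, those metrics belong in the vector string, not in a field named `baseScore`. Separately, the commit drops the five third-party references (Packet Storm, DEVCORE, Black Hat, Black Lotus Labs) that documented public exploitation and emergency mitigations, leaving only vendor links, which removes the record's exploit-availability signal. It also collapses FortiOS and FortiProxy into a single `"product_name"` and a single free-text `"version_value"`, which is harder for tooling to map to CPEs than one `product_data` entry per product with one `version_value` per affected range; I would keep the per-range entries and retain the external references alongside the new CONFIRM link.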