Fortinet SSL-VPN Vulnerability CVE-2018-13379: 49K+ Vulnerable Targets Listed

November 21, 2020
min read


Advisory Category Vulnerability Management
Vulnerability CVE-2018-13379
Target Fortinet SSL VPN
TLP          Amber

[/vc_wp_text][vc_column_text]CloudSEK Threat Intel has detected a threat actor selling a list of systems on the Internet that are vulnerable to CVE-2018-13379 which is a Fortinet SSL VPN path traversal vulnerability.

The threat actor’s post enumerating the list of vulnerable targets
The threat actor’s post enumerating the list of vulnerable targets

Fortinet SSL-VPN Vulnerability CVE-2018-13379

CVE-2018-13379 is a path traversal vulnerability in FortinetOS SSL VPN web portal which allows unauthenticated attackers to download FortiOS system files by means of specially crafted HTTP request. Vulnerability exists only if SSL VPN service (web mode/tunnel mode) is enabled.


Vulnerable path

“https://”+ip+”/remote/fgt_lang?lang=</../../../..attacker controlled path>


Vulnerable Versions

  • FortiOS 6.0 – 6.0.0 to 6.0.4
  • FortiOS 5.6 – 5.6.3 to 5.6.7
  • FortiOS 5.4 – 5.4.6 to 5.4.12



Technical Impact

  • The attacker can read any files (including system critical files like :config files/password files) from the server
  • Attackers can perform trial and error to search and read sensitive files on the target server.


Business Impact

  • Malicious actors can exploit this vulnerability and cause serious downtime resulting in significant financial loss.
  • Since VPN endpoints play a crucial role in business infrastructure, compromise of even a single endpoint may lead to take over of the entire domain or network.



  • Install vendor upgrades: Upgrade to FortiOS 5.4.13, 5.6.8, 6.0.5 or 6.2.0 and above
  • Disable SSL VPN service (Work around):


No items found.