Fortinet SSL-VPN Vulnerability CVE-2018-13379: 49K+ Vulnerable Targets Listed

Published on November 21, 2020 | 11:30 AM IST

Share this Advisory:

Advisory Category Vulnerability Management
Vulnerability CVE-2018-13379
Target Fortinet SSL VPN
TLP          Amber

CloudSEK Threat Intel has detected a threat actor selling a list of systems on the Internet that are vulnerable to CVE-2018-13379 which is a Fortinet SSL VPN path traversal vulnerability.

The threat actor’s post enumerating the list of vulnerable targets
The threat actor’s post enumerating the list of vulnerable targets

Fortinet SSL-VPN Vulnerability CVE-2018-13379

CVE-2018-13379 is a path traversal vulnerability in FortinetOS SSL VPN web portal which allows unauthenticated attackers to download FortiOS system files by means of specially crafted HTTP request. Vulnerability exists only if SSL VPN service (web mode/tunnel mode) is enabled.

 

Vulnerable path

“https://”+ip+”/remote/fgt_lang?lang=</../../../..attacker controlled path>

 

Vulnerable Versions

  • FortiOS 6.0 – 6.0.0 to 6.0.4
  • FortiOS 5.6 – 5.6.3 to 5.6.7
  • FortiOS 5.4 – 5.4.6 to 5.4.12

 

Impact 

Technical Impact

  • The attacker can read any files (including system critical files like :config files/password files) from the server
  • Attackers can perform trial and error to search and read sensitive files on the target server.

 

Business Impact

  • Malicious actors can exploit this vulnerability and cause serious downtime resulting in significant financial loss.
  • Since VPN endpoints play a crucial role in business infrastructure, compromise of even a single endpoint may lead to take over of the entire domain or network.

 

Mitigation

  • Install vendor upgrades: Upgrade to FortiOS 5.4.13, 5.6.8, 6.0.5 or 6.2.0 and above
  • Disable SSL VPN service (Work around): https://www.fortiguard.com/psirt/FG-IR-18-384

Be informed in your Inbox

Sign up now to our Threat intelligence Newsletter and be the first to know about threats first in your inbox.

Join the Discussions

Discuss your way into our Community about these threats and stay Vigilant and informed.