What is the CVE-2018-13379 Path Traversal Vulnerability?

Oct 24, 2022

Sudip Sengupta

A path traversal vulnerability allows attackers to craft malicious resource requests to view restricted files and directories. Where resource access is improperly limited, threat actors leverage path traversal vulnerabilities to access objects stored outside the website's root folder. Also known as the FortiOS vulnerability, CVE-2018-13379 is a path traversal vulnerability that affects older versions of Fortinet FortiOS and FortiProxy.

This blog post discusses how directory traversal attacks exploit the CVE-2018-13379 vulnerability, its impact, common exploitation techniques, and practices to prevent attacks.

What is the CVE-2018-13379 Vulnerability?

Listed in the National Vulnerability Database as Improper Limitation of a Pathname to a Restricted Directory, the CVE-2018-13379 vulnerability is found in technology services that operate on Fortinet FortiOS versions 5.4.12 to 5.6, 5.6.3 to 5.6.7, and 6.0.0 to 6.0.4. The vulnerability also affects FortiOS devices that use FortiProxy versions 1.0.0 to 1.0.7, 1.10 to 1.1.6, 1.2.0 to 1.2.8, and 2.0.0 under the SSL-VPN service. It allows threat actors to download FortiOS system files using malformed resource requests, enabling them to read session files that contain plaintext credentials.
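The class of flaw named above, Improper Limitation of a Pathname to a Restricted Directory, shown as an added example (not Fortinet's code and not from the original article): a file lookup that joins request input to a web root without checking the result, beside a version that resolves the path and rejects anything outside the root. The function names, directory layout and file contents are constructed for illustration, and a POSIX filesystem is assumed.

```python
import os
import tempfile
from urllib.parse import unquote


def naive_resolve(root, requested):
    """Vulnerable pattern: join request input to the root and trust the result."""
    return os.path.normpath(os.path.join(root, requested.lstrip("/")))


def safe_resolve(root, requested):
    """Return the resolved path only if it stays inside root, otherwise None."""
    root_real = os.path.realpath(root)
    decoded = unquote(requested)  # decode first, so %2e%2e is checked as ".."
    if "\x00" in decoded:
        return None
    # realpath collapses ".." segments and follows symlinks before the check.
    candidate = os.path.realpath(os.path.join(root_real, decoded.lstrip("/")))
    # commonpath compares whole components, so /srv/www-old never passes as /srv/www.
    if os.path.commonpath([root_real, candidate]) != root_real:
        return None
    return candidate


def demo():
    """Constructed tree: <base>/webroot/index.html and <base>/session.txt outside it."""
    base = os.path.realpath(tempfile.mkdtemp())
    root = os.path.join(base, "webroot")
    os.mkdir(root)
    with open(os.path.join(root, "index.html"), "w") as f:
        f.write("public page")
    with open(os.path.join(base, "session.txt"), "w") as f:
        f.write("constructed session data")
    # A symlink inside the web root that points outside it.
    os.symlink(os.path.join(base, "session.txt"), os.path.join(root, "link"))
    requests = ["index.html", "/index.html", "../session.txt",
                "%2e%2e/session.txt", "link"]
    results = {r: (naive_resolve(root, unquote(r)), safe_resolve(root, r))
               for r in requests}
    return base, root, results


if __name__ == "__main__":
    base, root, results = demo()
    for req, (naive, safe) in results.items():
        print(f"{req!r:24} naive={naive}  safe={safe}")
```

The symlink case is why the check runs on the resolved path rather than on the request string: the request contains no dot segments, yet the file it reaches sits outside the root.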

CVE-2018-13379 Attack Example

While the CVE-2018-13379 vulnerability was discovered in July 2018, threat actors continue to abuse the flaw as an entry point for deeper,
