Update: FortiOS vulnerability allows system files to be leaked through SSL VPNs via specially made HTTP resource requests. (November 26, 2020)
A path traversal vulnerability in the FortiOS SSL VPN web portal may allow attackers to gain unauthorized access to system files. This is done through specially crafted HTTP resource requests. The vulnerability as been classified as CVE-2018-13379.
The affected products are: