Update: FortiOS vulnerability allows system files to be leaked through SSL VPNs via specially made HTTP resource requests. (November 26, 2020)

A path traversal vulnerability in the FortiOS SSL VPN web portal may allow attackers to gain unauthorized access to system files. This is done through specially crafted HTTP resource requests. The vulnerability as been classified as CVE-2018-13379.

The affected products are:

  • FortiOS 6.0 - 6.0.0 to 6.0.4
  • FortiOS 5.6 - 5.6.3 to 5.6.7
  • FortiOS 5.4 - 5.4.6 to 5.4.12

Any versions above the ones listed are unaffected. The vulnerability is only possible while the SSL VPN service (web-mode or tunnel mode) is enabled. 

Solutions and workarounds:

The solutions to this problem are:

  • Upgrading to FortiOS 5.4.13, 5.6.8, 6.0.5 or 6.2.0 and above.
  • In absence of upgrading to the versions listed above, mitigating the impact of this exploit can be done by enabling two-factor authentication for SSL VPN users. Doing this will prevent attackers from stealing credentials to impersonate SSL VPN users.
  • A temporary solution is to disable the SSL VPN (both web-mode and tunneling mode).

For more information on this vulnerability, please visit the following URL:

The Guyana National CIRT recommends that users and administrators review this alert and the remediation strategies and apply them where necessary.

References