Fortinet SSL VPN – Unauthenticated Arbitrary File Read (CVE-2018-13379)
Recently an unauthenticated arbitrary file read vulnerability was discovered in Fortinet VPN service. The vulnerability allows an unauthenticated remote attacker to send a specially crafted request in order to read an arbitrary file from the vulnerable server file system. The vulnerability affects the following FortiOS versions:
- 5.6.3 to 5.6.7
- 6.0.0 to 6.0.4
Exploits targeting this vulnerability were posted online a few days ago and researchers at F5 Networks have already detected threat campaigns targeting this vulnerability.
Mitigation with BIG-IP ASM
ASM customers under any supported BIG-IP version are already protected against this vulnerability as the exploitation attempt will be detected by existing “Path traversal” signatures.
Figure 1: Exploit blocked with Attack Signature (200000190)
Figure 2: Exploit blocked with Attack Signature (200101550)
Published Aug 27, 2019
Version 1.0
Gal_Goldshtein
Employee
EmployeeGal_GoldshteinEmployee
Employee
miladminNimbostratus
hi Gal
thanks for this topic