{"containers":{"cna":{"affected":[{"product":"Fortinet FortiOS, FortiProxy","vendor":"Fortinet","versions":[{"status":"affected","version":"FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12, FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7"}]}],"datePublic":"2019-05-24T00:00:00.000Z","descriptions":[{"lang":"en","value":"An Improper Limitation of a Pathname to a Restricted Directory (\"Path Traversal\") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to download system files via special crafted HTTP resource requests."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":9.1,"baseSeverity":"CRITICAL","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H","version":"3.1"}}],"problemTypes":[{"descriptions":[{"description":"Information disclosure","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2021-06-03T10:29:56.000Z","orgId":"6abe59d8-c742-4dff-8ce8-9b0ca1073da8","shortName":"fortinet"},"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://fortiguard.com/advisory/FG-IR-18-384"},{"tags":["x_refsource_CONFIRM"],"url":"https://www.fortiguard.com/psirt/FG-IR-20-233"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"psirt@fortinet.com","ID":"CVE-2018-13379","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Fortinet FortiOS, FortiProxy","version":{"version_data":[{"version_value":"FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12, FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7"}]}}]},"vendor_name":"Fortinet"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"An Improper Limitation of a Pathname to a Restricted Directory (\"Path Traversal\") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to download system files via special crafted HTTP resource requests."}]},"impact":{"cvss":{"attackComplexity":"Low","attackVector":"Network","availabilityImpact":"High","baseScore":8.9,"baseSeverity":"High","confidentialityImpact":"High","integrityImpact":"None","privilegesRequired":"None","scope":"Unchanged","userInteraction":"None","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H","version":"3.1"}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Information disclosure"}]}]},"references":{"reference_data":[{"name":"https://fortiguard.com/advisory/FG-IR-18-384","refsource":"CONFIRM","url":"https://fortiguard.com/advisory/FG-IR-18-384"},{"name":"https://www.fortiguard.com/psirt/FG-IR-20-233","refsource":"CONFIRM","url":"https://www.fortiguard.com/psirt/FG-IR-20-233"}]}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-05T09:00:35.028Z"},"title":"CVE Program Container","references":[{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://fortiguard.com/advisory/FG-IR-18-384"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://www.fortiguard.com/psirt/FG-IR-20-233"}]},{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2018-13379","role":"CISA Coordinator","options":[{"Exploitation":"active"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2024-10-23T13:32:05.098252Z"}}},{"other":{"type":"kev","content":{"dateAdded":"2021-11-03","reference":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-13379"}}}],"references":[{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-13379","tags":["government-resource"]}],"problemTypes":[{"descriptions":[{"lang":"en","type":"CWE","cweId":"CWE-22","description":"CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}],"timeline":[{"time":"2021-11-03T00:00:00.000Z","lang":"en","value":"CVE-2018-13379 added to CISA KEV"}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-10-21T23:45:35.558Z"}}]},"cveMetadata":{"assignerOrgId":"6abe59d8-c742-4dff-8ce8-9b0ca1073da8","assignerShortName":"fortinet","cveId":"CVE-2018-13379","datePublished":"2019-06-04T20:18:08.000Z","dateReserved":"2018-07-06T00:00:00.000Z","dateUpdated":"2025-10-21T23:45:35.558Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}