{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-02T00:11:48.936","vulnerabilities":[{"cve":{"id":"CVE-2018-13379","sourceIdentifier":"psirt@fortinet.com","published":"2019-06-04T21:29:00.233","lastModified":"2025-10-24T12:53:03.100","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"An Improper Limitation of a Pathname to a Restricted Directory (\"Path Traversal\") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to download system files via special crafted HTTP resource requests."},{"lang":"es","value":"Una limitación inadecuada de un nombre de ruta a un directorio restringido (\"Path Traversal\") en Fortinet FortiOS versiones 6.0.0 a 6.0.4, 5.6.3 a 5.6.7 y 5.4.6 a 5.4.12 y FortiProxy versiones 2.0.0, 1. 2.0 a 1.2.8, 1.1.0 a 1.1.6, 1.0.0 a 1.0.7 bajo el portal web SSL VPN permite a un atacante no autenticado descargar archivos del sistema a través de solicitudes de recursos HTTP especialmente diseñadas"}],"metrics":{"cvssMetricV31":[{"source":"psirt@fortinet.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"cisaExploitAdd":"2021-11-03","cisaActionDue":"2022-05-03","cisaRequiredAction":"Apply updates per vendor instructions.","cisaVulnerabilityName":"Fortinet FortiOS SSL VPN Path Traversal Vulnerability","weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*","versionEndExcluding":"1.2.9","matchCriteriaId":"4B47708E-8A92-4767-8685-49C3143D0920"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiproxy:2.0.0:*:*:*:*:*:*:*","matchCriteriaId":"F3DD97EA-92AD-4EB1-B731-261F40BFC4BB"},{"vulnerable":true,"criteria":"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*","versionStartIncluding":"5.4.6","versionEndExcluding":"5.4.13","matchCriteriaId":"B7016D5F-23EE-4922-B6ED-312522776B25"},{"vulnerable":true,"criteria":"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*","versionStartIncluding":"5.6.3","versionEndExcluding":"5.6.8","matchCriteriaId":"44120B30-029A-4283-9441-A815A96ADD9D"},{"vulnerable":true,"criteria":"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0.0","versionEndExcluding":"6.0.5","matchCriteriaId":"D37F1481-E7A7-4428-89C9-5DF9D206D056"}]}]}],"references":[{"url":"https://fortiguard.com/advisory/FG-IR-18-384","source":"psirt@fortinet.com","tags":["Mitigation","Vendor Advisory"]},{"url":"https://www.fortiguard.com/psirt/FG-IR-20-233","source":"psirt@fortinet.com","tags":["Vendor Advisory"]},{"url":"https://fortiguard.com/advisory/FG-IR-18-384","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Vendor Advisory"]},{"url":"https://www.fortiguard.com/psirt/FG-IR-20-233","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-13379","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["US Government Resource"]}]}}]}