Unrated severityCISA KEVNVD Advisory· Published Jun 4, 2019· Updated Oct 21, 2025

CVE-2018-13379

Description

An Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to download system files via special crafted HTTP resource requests.

Affected products

Fortinet/Fortinet FortiOS, FortiProxyv5
Range: FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12, FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

fortiguard.com/advisory/FG-IR-18-384mitrex_refsource_CONFIRM
www.fortiguard.com/psirt/FG-IR-20-233mitrex_refsource_CONFIRM

News mentions

The Convergence of Cloud Secrets & AI Risk
SentinelOne Labs · May 13, 2026

cvss	0.000
epss	0.076
exploit	0.030
kev	0.120
patch	0.000
ransomware	0.060