Home

Awesome

CVE-2018-13379

CVE-2018-13379

https://blog.orange.tw/2019/08/attacking-ssl-vpn-part-2-breaking-the-fortigate-ssl-vpn.html
https://fortiguard.com/psirt/FG-IR-18-384

The below versions of FortiOS were vulnerable.

FortiOS 5.6.3 to 5.6.7
FortiOS 6.0.0 to 6.0.4
ONLY if the SSL VPN service (web-mode or tunnel-mode) is enabled.