[email protected] – FortiOS: directory traversal via SSL VPN, analyzed on 27/05/2019

CERT-LatestNews ThreatsCybercrime VulnerabilitiesAll VulnerabilitiesApplications VulnerabilitiesDBMS

FortiOS: directory traversal via SSL VPN Synthesis of the vulnerability An attacker can traverse directories via SSL VPN of FortiOS, in order to read a file outside the service root path. Vulnerable systems:

Severity of this threat: 2/4. Consequences of a hack: data reading. Pirate’s origin: internet client.