(CVE-2018-13379) Exploitation Tool, You can use this tool to check the vulnerability in your FortiGate SSL-VPN. https://www.fortinet.com/blog/business-and-technology/fortios-ssl-vulnerability
SSL VPN Vulnerabilities
Two of the vulnerabilities directly affected Fortinet’s implementation of SSL VPN. They are:
- CVE-2018-13379 (FG-IR-18-384) – This is a path traversal vulnerability in the FortiOS SSL VPN web portal that could potentially allow an unauthenticated attacker to download files through specially crafted HTTP resource requests.
- CVE-2018-13383 (FG-IR-18-388) – This heap buffer overflow vulnerability in the FortiOS SSL VPN web portal could cause the SSL VPN web service to terminate for logged in users. It could also potentially allow remote code execution on FortiOS due to a failure to handle JavaScript href content properly. This would require an authenticated user to visit a specifically-crafted and proxied webpage.
Remote Password Change Vulnerability
In addition, it was also disclosed (and fixed) in May 2019 that FortiOS included a “magic” string value that had been previously created at the request of a customer to enable users to implement a password change process when said password was expiring. That function had been inadvertently bundled into the general FortiOS release, and an Improper Authorization vulnerability resulted in that value being usable on its own to remotely change the password of an SSL VPN web portal user without credentials.
NOTE: only users with local authentication were affected – SSL VPN users with remote authentication (LDAP or RADIUS) were not impacted. Here are the details:
- CVE-2018-13382 (FG-IR-18-389) An Improper Authorization vulnerability in the SSL VPN web portal might allow an unauthenticated attacker to change the password of an SSL VPN web portal user using specially crafted HTTP requests.
Usage v 0.6 File List
./fortiscan ip.txt
Usage v 0.5 (One Liner to Initiate the Scan : Host|IP:Port(443 or 10443 or 8443)
./fortiscan 192.168.1.1:10443
Requirements
Tested with Parrot & Debian Operating Systems and Windows 10
Comments