Scanner

Fortiscan – A High Performance FortiGate SSL-VPN Vulnerability Scanning And Exploitation Tool

r00tBy 1650 views
0

(CVE-2018-13379) Exploitation Tool, You can use this tool to check the vulnerability in your FortiGate SSL-VPN. https://www.fortinet.com/blog/business-and-technology/fortios-ssl-vulnerability

SSL VPN Vulnerabilities

Two of the vulnerabilities directly affected Fortinet’s implementation of SSL VPN. They are:

  • CVE-2018-13379 (FG-IR-18-384) – This is a path traversal vulnerability in the FortiOS SSL VPN web portal that could potentially allow an unauthenticated attacker to download files through specially crafted HTTP resource requests.
  • CVE-2018-13383 (FG-IR-18-388) – This heap buffer overflow vulnerability in the FortiOS SSL VPN web portal could cause the SSL VPN web service to terminate for logged in users. It could also potentially allow remote code execution on FortiOS due to a failure to handle JavaScript href content properly. This would require an authenticated user to visit a specifically-crafted and proxied webpage.

Remote Password Change Vulnerability

In addition, it was also disclosed (and fixed) in May 2019 that FortiOS included a “magic” string value that had been previously created at the request of a customer to enable users to implement a password change process when said password was expiring. That function had been inadvertently bundled into the general FortiOS release, and an Improper Authorization vulnerability resulted in that value being usable on its own to remotely change the password of an SSL VPN web portal user without credentials.

NOTE: only users with local authentication were affected – SSL VPN users with remote authentication (LDAP or RADIUS) were not impacted. Here are the details:

  • CVE-2018-13382 (FG-IR-18-389) An Improper Authorization vulnerability in the SSL VPN web portal might allow an unauthenticated attacker to change the password of an SSL VPN web portal user using specially crafted HTTP requests.

Test Image 2

Usage v 0.6 File List

./fortiscan ip.txt

Usage v 0.5 (One Liner to Initiate the Scan : Host|IP:Port(443 or 10443 or 8443)

./fortiscan 192.168.1.1:10443

Requirements

Tested with Parrot & Debian Operating Systems and Windows 10

Github

Logseq – Open-source Platform for Knowledge Sharing and Management

Previous article

Damn Vulnerable Bank

Next article

You may also like

Comments

Leave a reply

Your email address will not be published. Required fields are marked *

More in Scanner