Quickfire Cyber Bulletin June 5, 2026
← Back

CVE-2018-13379

Fortinet FortiOS SSL VPN Path Traversal Vulnerability

High

Description

Fortinet FortiOS SSL VPN web portal contains a path traversal vulnerability that may allow an unauthenticated attacker to download FortiOS system files through specially crafted HTTP resource requests.

Scores & Signals

EPSS score 0.9447 (100.0th percentile)
CISA KEV Yes — actively exploited (added 2021-11-03) · due 2022-05-03
Affected Fortinet FortiOS

Sources

External references

Risk scores are deterministic, based on public signals only. They are informational context, not a final verdict. Always consult vendor advisories before taking action.