module
FortiOS Path Traversal Credential Gatherer
| Disclosed |
|---|
| N/A |
Disclosed
N/A
Description
Fortinet FortiOS versions 5.4.6 to 5.4.12, 5.6.3 to 5.6.7 and 6.0.0 to
6.0.4 are vulnerable to a path traversal vulnerability within the SSL VPN
web portal which allows unauthenticated attackers to download FortiOS system
files through specially crafted HTTP requests.
This module exploits this vulnerability to read the usernames and passwords
of users currently logged into the FortiOS SSL VPN, which are stored in
plaintext in the "/dev/cmdb/sslvpn_websession" file on the VPN server.
6.0.4 are vulnerable to a path traversal vulnerability within the SSL VPN
web portal which allows unauthenticated attackers to download FortiOS system
files through specially crafted HTTP requests.
This module exploits this vulnerability to read the usernames and passwords
of users currently logged into the FortiOS SSL VPN, which are stored in
plaintext in the "/dev/cmdb/sslvpn_websession" file on the VPN server.
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.