Share
## https://sploitus.com/exploit?id=CC01D51C-E885-569B-8FCE-E7AD152582AD
# ๐ก๏ธ CVE-2018-13379 - Fortinet SSL VPN Vulnerability
---
## ๐ Overview
CVE-2018-13379 is a **critical path traversal** vulnerability in Fortinet FortiOS SSL VPN.
It allows attackers to **download VPN web session files** and extract sensitive information.
- **Impact:** Information disclosure (usernames, session tokens)
- **CVSSv3:** 8.6 (High)
- **Exploitation:** Remote, unauthenticated
---
## ๐ป Vulnerable Versions
- FortiOS **5.4.6 โ 5.4.12**
- FortiOS **5.6.3 โ 5.6.7**
- FortiOS **6.0.0 โ 6.0.4**
- FortiProxy โค 1.2.8 / 2.0.0
---
## ๐ ๏ธ Features of This Script
- Detects vulnerable FortiOS SSL VPN instances
- Downloads `sslvpn_websession` file
- Extracts **usernames** & **password**
- Multi-threaded scanning
---
## ๐ก๏ธ Mitigation / Protection
- **Patch FortiOS**: Upgrade to **6.0.5+** or latest available
- **Enable 2FA** for VPN users
- **Restrict VPN access** to trusted IPs only
---
## โก Usage
Scan a single IP:
```bash
python CVE-2018-13379.py -i 192.168.1.1:10443
```
Scan multiple IPs from a file:
```bash
python3 CVE-2018-13379.py -f targets.txt -n 20
```
---
**โ ๏ธ Disclaimer:** Only use this for **authorized testing and research**. Unauthorized access is illegal.
## Refrence