Share
## https://sploitus.com/exploit?id=CC01D51C-E885-569B-8FCE-E7AD152582AD
# ๐Ÿ›ก๏ธ CVE-2018-13379 - Fortinet SSL VPN Vulnerability

---

## ๐Ÿ” Overview

CVE-2018-13379 is a **critical path traversal** vulnerability in Fortinet FortiOS SSL VPN.  
It allows attackers to **download VPN web session files** and extract sensitive information.

- **Impact:** Information disclosure (usernames, session tokens)  
- **CVSSv3:** 8.6 (High)  
- **Exploitation:** Remote, unauthenticated  

---

## ๐Ÿ’ป Vulnerable Versions

- FortiOS **5.4.6 โ€“ 5.4.12**  
- FortiOS **5.6.3 โ€“ 5.6.7**  
- FortiOS **6.0.0 โ€“ 6.0.4**  
- FortiProxy โ‰ค 1.2.8 / 2.0.0  

---

## ๐Ÿ› ๏ธ Features of This Script

- Detects vulnerable FortiOS SSL VPN instances  
- Downloads `sslvpn_websession` file  
- Extracts **usernames** & **password**  
- Multi-threaded scanning  

---

## ๐Ÿ›ก๏ธ Mitigation / Protection

- **Patch FortiOS**: Upgrade to **6.0.5+** or latest available  
- **Enable 2FA** for VPN users  
- **Restrict VPN access** to trusted IPs only  

---

## โšก Usage

Scan a single IP:

```bash
python CVE-2018-13379.py -i 192.168.1.1:10443
```

Scan multiple IPs from a file:

```bash
python3 CVE-2018-13379.py -f targets.txt -n 20
```
---

**โš ๏ธ Disclaimer:** Only use this for **authorized testing and research**. Unauthorized access is illegal.  

## Refrence