CVE-2018-13379
Vendor and product: Fortinet FortiOS and FortiProxy
This is yet another older vulnerability that agencies say is still being exploited more than two years later. The flaw in Fortinet’s FortiOS and FortiProxy is a path traversal in certain versions that allow unauthenticated attackers to download system files via specially crafted HTTP resources requests.
The company wrote in a November 2020 blog that nation-state actors were leveraging the bug to steal information relating to COVID-19 vaccine development. If you deploy these products in your environment, make sure they are patched.
Return To Article