VDB

CVE-2019-5588

CVE-2019-5588 PUBLISHED CVSS 9.1 CRITICAL

An Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to download system files via specially crafted HTTP resource requests.

EPSS 0.26% · 50.1th percentile

Risk Scores

CVSS 3.1: 9.1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
EPSS Score: 0.26% (50.1th percentile)

Affected Products

Vendor: Fortinet
Product: Fortinet FortiOS, FortiProxy
Versions: FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12, FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7

Timeline

  • May 27, 2019 CVE Published
  • Aug 27, 2019 PoC Published
  • Aug 27, 2019 PoC Published
  • Feb 27, 2020 PoC Published
  • Jul 16, 2020 PoC Published
  • Oct 9, 2020 PoC Published
  • Oct 9, 2020 PoC Published
  • Oct 13, 2020 PoC Published
  • Oct 13, 2020 PoC Published
  • Oct 22, 2020 PoC Published
  • Oct 22, 2020 PoC Published
  • Oct 22, 2020 PoC Published