FortiOS VPN path traversal — credential theft at massive scale. Credentials from 50,000+ devices were dumped publicly in 2021. Apply patches immediately. Check your sslvpn_websession files and reset ALL VPN credentials if affected.
An improper limitation of a pathname to a restricted directory (path traversal) in the SSL VPN web portal of Fortinet FortiOS 6.0.0-6.0.4 and 5.6.3-5.6.7 allows an unauthenticated attacker to download system files via specially crafted HTTP resource requests.
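To find which devices need patching and a VPN credential reset, the added example below (not part of the original advisory) triages a firmware inventory against the affected version ranges given above. The `hostname,version string` inventory format, the hostnames and the build strings are constructed assumptions.

```python
import re

# Affected FortiOS ranges exactly as stated in the advisory text (inclusive).
AFFECTED_RANGES = [((6, 0, 0), (6, 0, 4)), ((5, 6, 3), (5, 6, 7))]
VERSION_RE = re.compile(r"\bv?(\d+)\.(\d+)\.(\d+)\b")

def parse_version(text):
    """Return (major, minor, patch) as integers, or None if no version is found."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None

def is_affected(version):
    # Integer tuples compare numerically, so 6.0.10 sorts after 6.0.4.
    # A plain string comparison would wrongly place "6.0.10" inside the range.
    return any(lo <= version <= hi for lo, hi in AFFECTED_RANGES)

def triage(inventory_lines):
    """Sort 'hostname,version string' lines into affected / ok / unknown."""
    result = {"affected": [], "ok": [], "unknown": []}
    for line in inventory_lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, _, raw = line.partition(",")
        version = parse_version(raw)
        if version is None:
            result["unknown"].append(host)   # unparsable: check the device by hand
        elif is_affected(version):
            result["affected"].append(host)  # patch, then reset VPN credentials
        else:
            result["ok"].append(host)        # outside the ranges this advisory lists
    return result

# Constructed sample inventory (hostnames and build strings are made up).
SAMPLE = [
    "vpn-edge-01,FortiGate-100E v6.0.4,build0231 (GA)",
    "vpn-edge-02,FortiGate-60E v6.0.10,build0365 (GA)",
    "vpn-branch-03,v5.6.3",
    "vpn-branch-04,5.6.2",
    "vpn-branch-05,v5.6.8",
    "vpn-lab-06,version not recorded",
]

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```

Treat the `unknown` bucket as affected until the firmware version has been confirmed on the device.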