FortiOS VPN path traversal — credential theft at massive scale. Credentials from 50,000+ devices were dumped publicly in 2021. Apply patches immediately. Check your sslvpn_websession files and reset ALL VPN credentials if affected.
An improper limitation of a pathname to a restricted directory (path traversal) in Fortinet FortiOS 6.0.0-6.0.4, 5.6.3-5.6.7 under SSL VPN web portal allows an unauthenticated attacker to download system files via special HTTP resource requests.
Supernova subscribers receive AI-triaged CVE alerts the moment they're published — before the PoC drops.
Start Supernova — $99/mo →