A list of one-line exploits with the purpose of stealing VPN credentials from Fortinet VPN devices has been posted yesterday.
The vulnerability referred to is CVE-2018-13379, a path traversal flaw impacting a big number of unpatched Fortinet FortiOS SSL VPN devices.
Abusing this vulnerability allows remote access to the system for the attackers via specific HTTP requests.
Fortinet has issued a statement on the situation, where they reminded their users to update their devices.
