CVE-2018-13379 is being exploited in the wild on Fortigate SSL VPN firewalls. These exist as a perimeter security control, so it's a bad vulnerability.

Using BinaryEdge.io I can see scanning activity from last night for first time for this vulnerability:



The scanning traffic is taking place across the whole internet it appears, spray and pray style.

The vulnerability is ridiculously easy to exploit, it's a 1996 style pre-auth ../ webserver exploit to read plain text administrator credentials:

Timeline

May 24th 2019 - Vendor posts advisory - https://fortiguard.com/psirt/FG-IR-18-384



June 4th 2019 - Vendor updates advisory to correct impacted versions

August 9th 2019 - Blog explaining the different vulnerabilities in FortiOS, including this one.

August 14th 2019 - Exploit appears on GitHub and exploitation details posted in TLP Rainbow.

August 17th 2019 - Another exploit, checks if vulnerable before exploit.

August 21nd 2019 - Exploitation seen in wild.

