diff --git a/rules/web/web_fortinet_cve_2018_13379_preauth_read_exploit.yml b/rules/web/web_fortinet_cve_2018_13379_preauth_read_exploit.yml
new file mode 100644
index 00000000..82ceb8a6
--- /dev/null
+++ b/rules/web/web_fortinet_cve_2018_13379_preauth_read_exploit.yml
@@ -0,0 +1,25 @@
+
+title: Fortinet CVE-2018-13379 Exploitation
+description: Detects CVE-2018-13379 exploitation attempt against Fortinet SSL VPNs.
+id: a2e97350-4285-43f2-a63f-d0daff291738
+references:
+    - https://devco.re/blog/2019/08/09/attacking-ssl-vpn-part-2-breaking-the-Fortigate-ssl-vpn/
+author: Bhabesh Raj
+date: 2020/12/08
+tags:
+    - attack.initial_access
+    - attack.t1190
+logsource:
+    category: webserver
+detection:
+    selection:
+        c-uri:
+            - '*lang=/../../*////*/dev/cmdb/sslvpn_websession'
+    condition: selection
+fields:
+    - client_ip
+    - url
+    - response
+falsepositives:
+    - Unknown
+level: critical
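Review bot: The single `c-uri` pattern in the `selection` block is tied to one traversal shape — a literal `/../../` followed by `////` — so a request that uses a different number of `..` segments or slashes, or percent-encodes them, reads the same file without matching; the invariant worth keying on is the target path, e.g. `c-uri|contains: '/dev/cmdb/sslvpn_websession'`, with a percent-encoded variant added if the webserver logs the raw query string (not determinable from the rule). The `fields` list names `client_ip`, `url` and `response` while the detection itself uses `c-uri`, so the output fields do not line up with the field naming the selection relies on; `c-ip`, `c-uri` and `sc-status` would be consistent with the `c-uri` convention already used here. The rule also lacks a `status:` key, starts with an empty line, and since a request for that file name has no legitimate use, `falsepositives` could say `Unlikely` rather than `Unknown`; a link to the CVE entry (NVD) alongside the blog post would help triage.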