
Vulnerability in Fortinet FortiOS Could Allow Unauthorized Remote Access

MS-ISAC ADVISORY NUMBER:

2016-012

DATE(S) ISSUED:

01/13/2016

OVERVIEW:

A vulnerability has been discovered in Fortinet FortiOS that could allow unauthorized remote administrative access to the device if the device has "Administrative Access" enabled for SSH. FortiOS is the operating system used by FortiGate network security platforms. Successful exploitation could lead to remote administrative access of an impacted FortiOS device.

THREAT INTELLIGENCE:

An exploit script is freely available on the Internet.

SYSTEMS AFFECTED:

  • FortiOS versions 4.3.0 to 4.3.16
  • FortiOS versions 5.0.0 to 5.0.7

RISK:

Government:
  • Large and medium government entities: HIGH
  • Small government entities: HIGH
Businesses:
  • Large and medium business entities: HIGH
  • Small business entities: HIGH
Home Users: N/A

TECHNICAL SUMMARY:

A vulnerability has been discovered in Fortinet FortiOS that could allow unauthorized, remote administrative access to the device if the device has "Administrative Access" enabled for SSH. Successful exploitation could lead to remote administrative access of an impacted FortiOS device.

The vulnerability could lead to remote administrative access via SSH of a FortiOS device, resulting in the complete compromise of the impacted system. A hard-coded password exists in the firewall software that would allow a remote attacker to log in with full administrative access to the device by using the "Fortimanager_Access" username and a hashed version of the string "FGTAbc11*xy+Qqz27" as the password.

RECOMMENDATIONS:

We recommend the following actions be taken:

  • Disable administrator access over SSH on all the network interfaces of the device and use the Web GUI or console applet for the GUI instead.
  • In cases where SSH access is necessary in FortiOS 5.x versions, restrict SSH access to a minimal set of pre-authorized IP addresses.
  • Apply appropriate patches provided by Fortinet to vulnerable systems immediately after appropriate testing.
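To prioritize the recommendations above across a fleet, the following added example (not part of the advisory and not Fortinet code) checks a device's FortiOS version against the affected ranges listed under SYSTEMS AFFECTED and lists interfaces that still allow SSH administrative access. It assumes the version is supplied by the operator as a `major.minor.patch` string and that the configuration is a FortiOS CLI text backup; the function names and the sample configuration are constructed for illustration.

```python
import re

# Affected ranges as listed in the advisory (inclusive on both ends).
AFFECTED = [((4, 3, 0), (4, 3, 16)), ((5, 0, 0), (5, 0, 7))]

def is_affected(version):
    """True if a 'major.minor.patch' FortiOS version is in an advisory range."""
    m = re.fullmatch(r"\s*v?(\d+)\.(\d+)\.(\d+)\s*", version)
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    v = tuple(int(x) for x in m.groups())
    return any(lo <= v <= hi for lo, hi in AFFECTED)

def ssh_interfaces(config_text):
    """Interfaces whose 'set allowaccess' lists ssh (assumes FortiOS CLI backup syntax)."""
    found, depth, sect, name = [], 0, None, None
    for raw in config_text.splitlines():
        words = raw.split()
        line = " ".join(words)
        if line.startswith("config "):
            depth += 1
            if line == "config system interface" and sect is None:
                sect = depth  # remember nesting level (handles 'config global')
        elif line == "end":
            if sect == depth:
                sect = None
            depth = max(depth - 1, 0)
        elif sect == depth and words[:1] == ["edit"]:
            name = " ".join(words[1:]).strip('"')
        elif sect == depth and words[:2] == ["set", "allowaccess"]:
            if "ssh" in words[2:]:
                found.append(name)
    return found

def audit(version, config_text):
    """One finding per device: vulnerable build and SSH admin exposure."""
    affected, exposed = is_affected(version), ssh_interfaces(config_text)
    return {"affected_version": affected, "ssh_admin_interfaces": exposed,
            "urgent": affected and bool(exposed)}

# Constructed sample backup fragment, not taken from a real device.
SAMPLE = """config system interface
    edit "wan1"
        set allowaccess ping https ssh
    next
    edit "internal"
        set allowaccess ping https
    next
end"""
```

A device reported as `urgent` runs an affected version and has SSH administrative access enabled on at least one interface, so it should be handled first.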

CIS Controls That Help Avoid This Issue:

  • CIS Control 4: Continuous Vulnerability Assessment and Remediation
  • CIS Control 11: Secure Configurations for Network Devices
