Infosec pros whose organizations use certain versions of Fortinet’s firewall operating system are being warned to update the OS after a high-risk vulnerability was disclosed.
Those with the FortiGate firewall using FortiOS 4.3.0 to 4.3.16 or FortiOS 5.0.0 to 5.0.7 have to update immediately to fix a hole that could allow remote console access to vulnerable devices with “Administrative Access” enabled for SSH, according to the company’s blog.
Currently supported branches (FortiOS 5.2 and 5.4) are not affected by the problem.
The warning comes after a person alleged Saturday on the Full Disclosure website that there is an SSH backdoor into the firewall’s operating system and posted details on how it can be exploited.
That prompted Fortinet yesterday to issue a statement saying the “recent issue that was disclosed publicly was resolved and a patch was made available in July 2014 as part of Fortinet’s commitment to ensuring the quality and integrity of our codebase. This was not a ‘backdoor’ vulnerability issue but rather a management authentication issue. The issue was identified by our Product Security team as part of their regular review and testing efforts.
“After careful analysis and investigation, we were able to verify this issue was not due to any malicious activity by any party, internal or external.”
It said the problem was patched in July 2014 for many versions of FortiOS. Organizations with v4.3.17 or any later version of FortiOS v4.3 (available as of July 9, 2014), FortiOS v5.0.8 or any later version of FortiOS v5.0 (available as of July 28, 2014), and any version of FortiOS v5.2 or v5.4 are therefore not affected by the vulnerability.
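As an added example (not part of this article or of Fortinet’s own tooling), the following Python check applies the affected and fixed version boundaries listed above to a device inventory and flags which units need patching, giving priority to those with SSH administrative access enabled. The inventory format, field names and device entries are constructed for illustration.

```python
import re

# Affected FortiOS ranges (inclusive), as stated in Fortinet's advisory above.
AFFECTED_RANGES = [((4, 3, 0), (4, 3, 16)), ((5, 0, 0), (5, 0, 7))]

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")

def parse_fortios_version(text):
    """Return (major, minor, patch) from e.g. 'FortiOS v5.0.7', or None."""
    m = _VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None

def is_affected(version_text):
    """True/False for a parsable version; None if it cannot be parsed."""
    v = parse_fortios_version(version_text)
    if v is None:
        return None
    # Tuple comparison handles the 4.3.16 -> 4.3.17 boundary correctly.
    return any(lo <= v <= hi for lo, hi in AFFECTED_RANGES)

def audit_inventory(devices):
    """Classify each device as 'patch-now' (affected, SSH admin access on),
    'patch' (affected, SSH admin access off), 'ok', or 'review' (unparsable)."""
    report = []
    for d in devices:
        affected = is_affected(d["version"])
        if affected is None:
            status = "review"
        elif affected and d.get("ssh_admin", False):
            status = "patch-now"
        elif affected:
            status = "patch"
        else:
            status = "ok"
        report.append((d["name"], status))
    return report

# Constructed sample inventory for illustration; these are not real devices.
SAMPLE_INVENTORY = [
    {"name": "fw-edge-1", "version": "FortiOS v4.3.12", "ssh_admin": True},
    {"name": "fw-edge-2", "version": "FortiOS v4.3.17", "ssh_admin": True},
    {"name": "fw-dc-1", "version": "v5.0.7", "ssh_admin": False},
    {"name": "fw-dc-2", "version": "v5.2.5", "ssh_admin": True},
    {"name": "fw-lab", "version": "unknown build", "ssh_admin": True},
]

if __name__ == "__main__":
    for name, status in audit_inventory(SAMPLE_INVENTORY):
        print(f"{name}: {status}")
```

Devices reported as "review" have a version string the script could not read and should be checked by hand rather than assumed safe.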
According to The Hacker News, this opening was created for a challenge-and-response authentication routine for logging into Fortinet’s servers with the secure shell (SSH) protocol. System administrators can also make use of this exploit code to automate their testing process in an effort to find out whether they have any vulnerable FortiGuard network equipment, it says.
The issue is another reminder that system administrators have to ensure they are running the latest versions of critical infrastructure such as firewalls,