A security vulnerability has been discovered with FortiGuard network firewall appliances that could potentially be exploited by hackers. Should the FortiGuard SSH backdoor be exploited, a hacker would be able to gain full administrative privileges to Fortinet security appliances.
FortiGuard SSH backdoor is an unintentional security vulnerability
The FortiGuard SSH backdoor was not been installed by hackers, but is an unintentional security vulnerability in the FortiOS operating system. The FortiGuard SSH backdoor was discovered this month by a third party security researcher. An exploit for the security vulnerability has already been published, making it imperative that all users of FortiGuard firewall appliances install the latest version of the operating system. All users must ensure that their devices are running on FortiGuard version 5.2 or above.
After the security vulnerability was announced Fortinet started an investigation to determine whether any other devices were affected. A statement released by Fortinet last week indicates that in addition to Fortinet FortiGuard, FortiAnalyzer, FortiCache, and FortiSwitch are also affected and contain the vulnerability.
In order to prevent the backdoor from being exploited users have been advised to upgrade to version 3.0.8 of FortiCache, version 3.3.3 of FortiSwitch, and versions 5.0.12 or 5.2.5 of FortiAnalyzer.
The FortiGuard SSH backdoor is a Secure Shell vulnerability. According to a Fortinet blog post, the security vulnerability has not been created by a malicious insider or outsider, but was an “unintentional consequence” of a feature of the operating system. The aim was to ensure “seamless access from an authorized FortiManager to registered FortiGate devices.” The vulnerability involves an undocumented account which has a hard-coded password.
If it is not possible for users to immediately upgrade to the latest OS, Fortinet advises using a manual get around, which involves disabling SSH access and switching to a web-based management interface until the OS can be upgraded.
Last month a security vulnerability was discovered in the ScreenOS operating system used by Juniper Networks. In that case, the backdoor had been inserted by a malicious insider or outsider. The code would allow a hacker to gain full administrative privileges to NetScreen firewall devices and view encrypted data sent via VPN networks.