Reference: CERT-EU Security Advisory 2016-45

Short Summary
--------------
The FortiOS SSH service has an undocumented interactive login vulnerability. Remote console access to vulnerable devices that have "Administrative Access" enabled for SSH is possible. A Python script that exploits the vulnerability has been released publicly.

CVE reference: -
Affected platforms: FortiOS
Announcement Date: 2016-January-12
Security risk: High
Vulnerability: FortiOS SSH vulnerability
Vendor Status: Notified / Patch available

Systems affected
-----------------
FortiOS 4.3.0 to 4.3.16
FortiOS 5.0.0 to 5.0.7

Impact
-------
An unauthenticated remote attacker can exploit the SSH service of an affected FortiOS device and obtain access to the administration functions of the device.

Solutions
----------
Upgrade FortiOS to version 4.3.17 or 5.0.8; these versions are not vulnerable.

According to Fortiguard, as a workaround, system administrators can disable administrative access via SSH on all interfaces. If SSH access is mandatory, on FortiOS 5.0 it can be restricted to a minimal set of authorized source IP addresses via Local In policies.

Additional References
-----------------------
[1] Fortiguard vulnerability advisory: http://www.fortiguard.com/advisory/fortios-ssh-undocumented-interactive-login-vulnerability
[2] Fortiguard blog: http://blog.fortinet.com/post/brief-statement-regarding-issues-found-with-fortios
[3] SecLists exploit: http://seclists.org/fulldisclosure/2016/Jan/26

CERT-EU (http://cert.europa.eu)
Phone: +32.2.2990005 / e-mail: cert-eu@ec.europa.eu
PGP KeyID 0x46AC4383 FP: 9011 6BE9 D642 DD93 8348 DAFA 27A4 06CA 46AC 4383
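As an added example (not part of the CERT-EU advisory and not Fortinet's own tooling), the following Python script maps FortiOS version strings onto the affected ranges listed under "Systems affected" above and reports the first fixed release, so an inventory of FortiGate devices can be triaged before the upgrade or the SSH workaround is applied. It accepts plain dotted versions such as "5.0.7" and the "Version:" line of the FortiOS CLI command get system status. The exact layout of that line (v<major>.<minor>,build<n>,<date> (GA|MR<n> Patch <p>)), the folding of a "4.0 ... MR3" line onto the 4.3 branch, and the host names in the constructed sample inventory are assumptions made for this example.

```python
import re
from typing import Dict, List, Optional, Tuple

# Affected ranges taken from the advisory, keyed by (major, minor):
# (first affected patch, last affected patch, first fixed patch)
AFFECTED = {
    (4, 3): (0, 16, 17),  # FortiOS 4.3.0 - 4.3.16, fixed in 4.3.17
    (5, 0): (0, 7, 8),    # FortiOS 5.0.0 - 5.0.7,  fixed in 5.0.8
}

_DOTTED = re.compile(r"^(\d+)\.(\d+)\.(\d+)$")

# Assumed layout of the "Version:" line printed by `get system status`, e.g.
#   "Version: FortiGate-100D v5.0,build0271,140124 (GA Patch 7)"
#   "Version: FortiGate-80C v4.0,build0665,130515 (MR3 Patch 16)"
_STATUS = re.compile(
    r"v(\d+)\.(\d+),build\d+,\d+\s*\((?:GA|MR(\d+))(?: Patch (\d+))?\)"
)


def parse_version(text: str) -> Optional[Tuple[int, int, int]]:
    """Return (major, minor, patch) from a dotted version or a status line."""
    m = _DOTTED.match(text.strip())
    if m:
        return tuple(int(x) for x in m.groups())  # type: ignore[return-value]
    m = _STATUS.search(text)
    if m:
        major, minor, mr, patch = m.groups()
        major, minor = int(major), int(minor)
        # Assumption: a "v4.0 ... MRn" build belongs to the 4.n branch
        # (4.0 MR3 is the 4.3 train), so the MR number replaces the minor.
        if mr:
            minor = int(mr)
        return (major, minor, int(patch) if patch else 0)
    return None


def assess(text: str) -> Dict[str, object]:
    """Classify one version string against the advisory's affected ranges."""
    parsed = parse_version(text)
    if parsed is None:
        return {"version": None, "affected": None, "fix": None}
    major, minor, patch = parsed
    version = f"{major}.{minor}.{patch}"
    rng = AFFECTED.get((major, minor))
    if rng is None:
        # A branch the advisory does not list (e.g. 5.2) is not flagged.
        return {"version": version, "affected": False, "fix": None}
    first, last, fixed = rng
    affected = first <= patch <= last
    return {
        "version": version,
        "affected": affected,
        "fix": f"{major}.{minor}.{fixed}" if affected else None,
    }


def triage(inventory: List[Tuple[str, str]]) -> List[Tuple[str, str, str]]:
    """Return (host, running version, fixed version) for every affected device."""
    hits = []
    for host, version_text in inventory:
        result = assess(version_text)
        if result["affected"]:
            hits.append((host, str(result["version"]), str(result["fix"])))
    return hits


# Constructed sample inventory; host names and version lines are made up.
SAMPLE_INVENTORY = [
    ("fw-branch-01", "Version: FortiGate-80C v4.0,build0665,130515 (MR3 Patch 16)"),
    ("fw-branch-02", "4.3.17"),
    ("fw-dc-01", "Version: FortiGate-100D v5.0,build0271,140124 (GA Patch 7)"),
    ("fw-dc-02", "5.0.8"),
    ("fw-lab-01", "Version: FortiGate-60D v5.2,build0589,140613 (GA)"),
]

if __name__ == "__main__":
    for host, running, fix in triage(SAMPLE_INVENTORY):
        print(f"{host}: FortiOS {running} is affected, upgrade to {fix} or disable SSH admin access")
```

Devices the script flags should be upgraded to the listed fixed release; until then, remove ssh from the interface's administrative access or, on 5.0, restrict SSH with a Local In policy as the advisory describes.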