‘Backdoor’ FortiOS Exploit!

13 Jan

FortiOS is the operating system that powers Fortinet’s firewall platform, FortiGate. On January 9, 2016, an exploit for an SSH backdoor in the FortiGate operating system was posted to the Full Disclosure mailing list. [i]

In a statement released on January 12, 2016, Fortinet said: “This was not a ‘backdoor’ vulnerability issue but rather a management authentication issue. The issue was identified by our Product Security team as part of their regular review and testing efforts. After careful analysis and investigation, we were able to verify this issue was not due to any malicious activity by any party, internal or external.” [ii]

If you are a Secure Sense managed customer, do not worry: we already have you covered and have ensured all FortiGate clients are using an updated version of FortiOS.

If you are currently using FortiOS and are not a Secure Sense managed customer, we urge you to find out which version of FortiOS you are running. You are NOT affected by this vulnerability if you have one of the following versions. [ii]

  • v4.3.17 or later versions of v4.3
  • v5.0.8 or later versions of v5.0
  • Any version of 5.2 or 5.4

Any other version, from 4.3.0 – 4.3.16 and 5.0.0 – 5.0.7, is affected. Fortinet is recommending you immediately update your FortiOS product. [iii]
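To triage more than a handful of devices, the version check above can be scripted. The following is an added example, not code from Fortinet or Secure Sense; the inventory format, hostnames and build strings are constructed, and the 5.2 and 5.4 branches are treated as unaffected per Fortinet's advisory [iii].

```python
import re

# Ranges as stated in the post (per Fortinet's advisory [iii]):
# branch -> first patch level that is NOT affected.
FIRST_FIXED_PATCH = {(4, 3): 17, (5, 0): 8}
# Branches listed as not affected in any version.
UNAFFECTED_BRANCHES = {(5, 2), (5, 4)}

# Matches "5.0.7", "v5.0.7,build3608", "5.2" (patch level optional).
VERSION_RE = re.compile(r"\bv?(\d+)\.(\d+)(?:\.(\d+))?")


def classify(version_string):
    """Return 'affected', 'not affected' or 'unknown' for one version string."""
    m = VERSION_RE.search(version_string)
    if not m:
        return "unknown"
    branch = (int(m.group(1)), int(m.group(2)))
    if branch in UNAFFECTED_BRANCHES:
        return "not affected"
    if branch in FIRST_FIXED_PATCH:
        if m.group(3) is None:
            return "unknown"  # patch level is needed to decide
        # Compare numerically: as strings, "9" > "17" and "10" < "8".
        patch = int(m.group(3))
        return "affected" if patch < FIRST_FIXED_PATCH[branch] else "not affected"
    return "unknown"  # branch is not covered by the post


def triage(inventory):
    """Map device name -> verdict; inventory is {name: version string}."""
    return {name: classify(version) for name, version in inventory.items()}


# Constructed sample inventory (hypothetical hostnames and build numbers).
SAMPLE = {
    "fw-branch-01": "v5.0.7,build3608",
    "fw-branch-02": "5.0.10",
    "fw-dc-01": "4.3.9",
    "fw-dc-02": "v4.3.17",
    "fw-hq-01": "5.2.3",
    "fw-lab-01": "4.2.1",
}

if __name__ == "__main__":
    for name, verdict in sorted(triage(SAMPLE).items()):
        print(f"{name:14} {SAMPLE[name]:18} {verdict}")
```

Devices reported as "unknown" run a branch the post does not mention, or have no patch level recorded, and should be checked against the advisory by hand.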

Connect with Secure Sense to protect data, your network, and systems 24/7, 365 days a year. If you have questions or want to learn more, please contact Secure Sense by calling 866-999-7506.

[i] The Full Disclosure Mailing list can be read here:
http://seclists.org/fulldisclosure/2016/Jan/26

[ii] Fortinet’s statement can be found here:
http://blog.fortinet.com/post/brief-statement-regarding-issues-found-with-fortios

[iii] The Product Service Advisory posting can be found here:
http://www.fortiguard.com/advisory/fortios-ssh-undocumented-interactive-login-vulnerability