More Fortinet products found with Secure Shell backdoors

Unintentional consequence of device management feature.

Several products from firewall vendor Fortinet contain code that allows remote access with full administrative privileges, thanks to a password hardcoded into the devices.

The revelation follows an advisory published earlier this month, warning that multiple versions of the FortiOS operating system were shipped with a Secure Shell service that allowed remote access for anyone who knew the password.

Fortinet is now urging customers to patch the affected systems.

According to Fortinet's product security incident response team, the remote access vulnerability is found in the following products:

  • FortiAnalyzer: 5.0.5 to 5.0.11 and 5.2.0 to 5.2.4 (branch 4.3 is not affected)
  • FortiSwitch: 3.3.0 to 3.3.2
  • FortiCache: 3.0.0 to 3.0.7 (branch 3.1 is not affected)
  • FortiOS 4.1.0 to 4.1.10
  • FortiOS 4.2.0 to 4.2.15
  • FortiOS 4.3.0 to 4.3.16
  • FortiOS 5.0.0 to 5.0.7
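As an added example (not code from Fortinet or from the original article), the following checks a device inventory against the affected ranges listed above. The inventory format, hostnames and sample versions are constructed assumptions; "not listed" means only that the version falls outside the ranges in this article.

```python
import re

# Affected ranges transcribed from the list above (inclusive bounds).
AFFECTED = {
    "fortianalyzer": [("5.0.5", "5.0.11"), ("5.2.0", "5.2.4")],
    "fortiswitch": [("3.3.0", "3.3.2")],
    "forticache": [("3.0.0", "3.0.7")],
    "fortios": [("4.1.0", "4.1.10"), ("4.2.0", "4.2.15"),
                ("4.3.0", "4.3.16"), ("5.0.0", "5.0.7")],
}

def parse_version(text):
    """Turn '5.0.11' or 'v5.0.11' into (5, 0, 11); reject anything else."""
    m = re.fullmatch(r"\s*v?(\d+)\.(\d+)\.(\d+)\s*", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in m.groups())

def is_affected(product, version):
    """True if the version lies inside a listed range for the product.
    Components compare as integers, so 5.0.11 sorts after 5.0.5."""
    ver = parse_version(version)
    return any(parse_version(lo) <= ver <= parse_version(hi)
               for lo, hi in AFFECTED.get(product.lower(), []))

def audit(inventory):
    """Map each hostname to 'AFFECTED', 'not listed' or 'unparsed'."""
    report = {}
    for host, product, version in inventory:
        try:
            hit = is_affected(product, version)
        except ValueError:
            report[host] = "unparsed"  # needs manual review, never assume safe
            continue
        report[host] = "AFFECTED" if hit else "not listed"
    return report

# Constructed inventory; hostnames and versions are illustrative only.
INVENTORY = [
    ("fw-edge-01", "FortiOS", "v5.0.7"),        # last affected 5.0 release
    ("fw-edge-02", "FortiOS", "5.0.8"),         # just past the range
    ("faz-01", "FortiAnalyzer", "5.0.11"),      # string compare would miss this
    ("faz-02", "FortiAnalyzer", "4.3.8"),       # branch 4.3 is not affected
    ("cache-01", "FortiCache", "3.1.0"),        # branch 3.1 is not affected
    ("sw-01", "FortiSwitch", "3.3"),            # incomplete version string
]

if __name__ == "__main__":
    for host, status in audit(INVENTORY).items():
        print(f"{host:12} {status}")
```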

The company has denied that the remote access mechanism in its products constitutes a malicious "backdoor" that could be used for unauthorised user access.

Instead, the vulnerability is "an unintentional consequence of a feature that was designed with the intent of providing seamless access from an authorised FortiManager to registered FortiGate devices," Fortinet said.

Copyright © iTnews.com.au. All rights reserved.