FortiOS Fortimanager_Access SSH account backdoor

Added: 01/25/2016
CVE: CVE-2016-1909

Background

FortiOS is the operating system used by FortiGate network security appliances.

Problem

An undocumented account, Fortimanager_Access, can be used over SSH to gain unauthorized access to the appliance.

Resolution

Upgrade to FortiOS 4.1.11, 4.2.16, 4.3.17, 5.0.8, 5.2.0, 5.4.0, or later.

References

http://www.fortiguard.com/advisory/multiple-products-ssh-undocumented-login-vulnerability

Limitations

Exploit requires the paramiko Python module to be installed.

Platforms

FortiOS
