Expert found a hardcoded SSH public key in Fortinet's Security Information and Event Management FortiSIEM that can allow access to the FortiSIEM Supervisor.
Andrew Klaus, a security specialist from Cybera, discovered a
The expert discovered that the Fortinet devices share the same SSH key for the user ‘
Fortinet published a security advisory for the issue that is tracked as CVE-2019-17659.
The vulnerability could be exploited by attackers to trigger a
“A use of hard-coded cryptographic key vulnerability in FortiSIEM may allow a remote unauthenticated attacker to obtain SSH access to the supervisor as the restricted user “tunneluser” by leveraging knowledge of the private key from another installation or a firmware image.” reads the advisory.
The user ‘
Fortinet invites customers that are not using the reverse tunnel feature to disable SSH on port 19999 that only allows
Below is the timeline of the vulnerability:
- Dec 2, 2019: Email sent to Fortinet PSIRT with vulnerability details.
- Dec 3, 2019: Automated reply from PSIRT that email was received.
- Dec 23, 2019: Sent a reminder email to PSIRT about requesting a human confirmation.
- Jan 3, 2019: Public Release.
The flaw affects FortiSIEM version 5.2.6 and below; the tech firm addressed it with the release of FortiSIEM version 5.2.7.
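The weakness described in the advisory is that the same key material exists on every installation. As an added example (not code from the article or from Fortinet), the following Python script fingerprints `authorized_keys` entries collected from several hosts and reports any key that appears on more than one of them; the host names, the `admin` account and the key blobs are constructed samples, not real FortiSIEM data.

```python
import base64
import hashlib
from collections import defaultdict

def fingerprint(key_b64):
    """SHA256 fingerprint of a base64 key blob, in the format ssh-keygen -l prints."""
    blob = base64.b64decode(key_b64, validate=True)
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_authorized_keys(text):
    """Yield the base64 key blob of each entry, skipping comments and options."""
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        for i, field in enumerate(fields[:-1]):
            # The blob is the token that follows the key-type token.
            if field.startswith(("ssh-", "ecdsa-", "sk-")):
                yield fields[i + 1]
                break

def shared_keys(installs):
    """Map fingerprint -> [(host, user), ...] for keys found on more than one host."""
    seen = defaultdict(set)
    for (host, user), text in installs.items():
        for key in parse_authorized_keys(text):
            seen[fingerprint(key)].add((host, user))
    return {fp: sorted(where) for fp, where in seen.items()
            if len({host for host, _ in where}) > 1}

def sample_key(seed):
    """Constructed ed25519-shaped public key line (not a real key)."""
    blob = b"\x00\x00\x00\x0bssh-ed25519\x00\x00\x00\x20" + hashlib.sha256(seed).digest()
    return "ssh-ed25519 " + base64.b64encode(blob).decode()

SHARED = sample_key(b"vendor-default")   # same key shipped on every install
UNIQUE = sample_key(b"site-b-admin")     # key generated locally on one host

# Constructed inventory: (host, user) -> authorized_keys contents.
SAMPLE = {
    ("supervisor-a", "tunneluser"): f"{SHARED} vendor-default\n",
    ("supervisor-b", "tunneluser"): f"# shipped\nno-pty {SHARED} vendor-default\n",
    ("supervisor-b", "admin"): f"{UNIQUE} admin@site-b\n",
}

if __name__ == "__main__":
    for fp, where in shared_keys(SAMPLE).items():
        print(fp, "reused on", where)
```

A key reported here is trusted by several installations at once, so anyone holding the matching private key from one of them can authenticate to the others.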