PSIRT Advisory

ZebOS routing remote shell service enabled


A remote attacker may access the internal ZebOS shell of FortiOS 5.2.3 without authentication on the HA ("High Availability") dedicated management interface only.
Only FortiGates configured with HA *and* with an enabled HA dedicated management interface are vulnerable.
Note: when a FortiGate is configured to use HA, the dedicated management interface is disabled by default.


Remote shell access

Affected Products

FortiGate v5.2.3 only.


FortiOS 5.2.3 must be upgraded to FortiOS 5.2.4.
FortiOS 5.2.2 and lower are not affected.
FortiOS 5.0.12 and lower are not affected.
As a workaround, LAN access to the HA interface may be filtered by a transit firewall or left unrouted.


Thanks to Burda Digital Systems.