FortiBalancer Remote SSH Vulnerability Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-14-010 Final 1 1 2014-04-02T00:00:00 Current version 2014-04-02T00:00:00 2014-04-02T00:00:00 A platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to affected systems using SSH. The vulnerability is caused by a configuration error, and is not the result of an underlying SSH defect. Remote Access FortiBalancer 400, 1000, 2000 and 3000.All software versions are affected. Apply the patch provided on the Fortinet Support site, or use one of the workarounds shown below. The patch and supporting documentation are available in the FortiBalancer firmware download directory, accessible from https://support.fortinet.com. The following files are available:FortiBalancer-Component-Patch.pdf - Installation InstructionsFBLOS-FortiBalancer-Patch-2014_02.fn - System patchOther Workarounds:1. Disable SSH on the Web UI via Admin Tools -> System Management. Uncheck "enable SSH access" and click "save changes" on the top right.2. Disable SSH in the console via:config tssh offwrite memoryexit3. Use Webwall rules in order to block TCP port 22 destined to the load balancer external IP address:config taccesslist deny tcp 0.0.0.0 0.0.0.0 0 <external-ip-address> 255.255.255.255 22 100accesslist permit tcp 0.0.0.0 0.0.0.0 0 0.0.0.0 0.0.0.0 0 100accessgroup 100 <external-port>webwall <external-port> onwrite memoryexit4. Use a firewall to block TCP port 22 access to the FortiBalancer. CVE-2014-2721 password issue CVE-<br />2014-2722 key issue CVE-<br />2014-2723 permission issue https://fortiguard.fortinet.com/psirt/FG-IR-14-010 FortiBalancer Remote SSH Vulnerability Reference>