ZebOS routing remote shell service enabled
Fortinet PSIRT Advisories
Fortinet PSIRT Contact:
Website: https://fortiguard.fortinet.com/faq/psirt-contact
FG-IR-15-020
Final
1
1
2015-07-24T00:00:00
Current version
2015-07-24T00:00:00
2015-07-24T00:00:00
None
A remote attacker may access the internal ZebOS shell of FortiOS 5.2.3 without authentication on the HA ("High Availability") dedicated management interface only. Only FortiGates configured with HA *and* with an enabled HA dedicated management interface are vulnerable. Note: when a FortiGate is configured to use HA, the dedicated management interface is disabled by default.
Remote shell access
FortiGate v5.2.3 only.
FortiOS 5.2.3 must be upgraded to FortiOS 5.2.4. FortiOS 5.2.2 and lower are not affected. FortiOS 5.0.12 and lower are not affected. As a workaround, LAN access to the HA interface may be filtered by a transit firewall or not routed.
Thanks to Burda Digital Systems.
CVE-2015-7361
https://fortiguard.fortinet.com/psirt/FG-IR-15-020