Hard-coded SSH key in Fortinet FortiSIEM
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2019-17659 |
| CWE-ID | CWE-321 |
| Exploitation vector | Local network |
| Public exploit | Public exploit code for vulnerability #1 is available. |
| Vulnerable software Subscribe |
FortiSIEM Server applications / DLP, anti-spam, sniffers |
| Vendor | Fortinet, Inc |
Security Bulletin
This security bulletin contains information about 1 vulnerabilities.
Updated: 16.01.2020
Added information about patch availability, assigned CVE-ID, added link to vendor's advisory.
1) Use of Hard-coded Cryptographic Key
EUVDB-ID: #VU24132
Risk: Medium
CVSSv3.1: 6.2 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:U/RC:C]
CVE-ID: CVE-2019-17659
CWE-ID:
CWE-321 - Use of Hard-coded Cryptographic Key
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain unauthorized access to the system.
The vulnerability exists due to usage of a hard-coded ssh key for the "tunneluser" account, present in "/home/tunneluser/.ssh/authorized_keys". A remote attacker can use the ssh key to connect to FortiSIEM via SSH service on port 1999/TCP.
Install update from vendor's website.
Vulnerable software versionsFortiSIEM: 5.2.0 - 5.2.6
External linkshttp://packetstormsecurity.com/files/download/155868/fortisiem-hardcoded.txt
http://fortiguard.com/psirt/FG-IR-19-296
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
