Vulnerability identifier: #VU24132
Vulnerability risk: Medium
CVSSv3.1: 5.9 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-321
Exploitation vector: Local network
Exploit availability: No
Vulnerable software:
FortiSIEM
Server applications /
DLP, anti-spam, sniffers
Vendor: Fortinet, Inc
Description
The vulnerability allows a remote attacker to gain unauthorized access to the system.
The vulnerability exists due to usage of a hard-coded ssh key for the "tunneluser" account, present in "/home/tunneluser/.ssh/authorized_keys". A remote attacker can use the ssh key to connect to FortiSIEM via SSH service on port 1999/TCP.
Mitigation
Install update from vendor's website.
Vulnerable software versions
FortiSIEM: 5.2.0 - 5.2.6
External links
http://packetstormsecurity.com/files/download/155868/fortisiem-hardcoded.txt
http://fortiguard.com/psirt/FG-IR-19-296
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.