SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com






Category:   Device (Firewall)  >   Fortinet FortiGate/FortiOS Vendors:   Fortinet
Fortinet FortiGate/FortiOS Undocumented SSH Access Lets Remote Users Access the Target System
SecurityTracker Alert ID:  1034663
SecurityTracker URL:  http://securitytracker.com/id/1034663
CVE Reference:   CVE-2016-1909   (Links to External Site)
Updated:  Jan 26 2016
Original Entry Date:  Jan 13 2016
Impact:   User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 4.3.0 to 4.3.16, 5.0.0 to 5.0.7
Description:   A vulnerability was reported in Fortinet FortiGate/FortiOS. A remote user can gain access to the target system.

A remote user can gain access to the target system via SSH using an undocumented account.

Systems with "Administrative Access" enabled for SSH are affected.

Impact:   A remote user can gain access to the target system.
Solution:   The vendor silently issued a fix (4.3.17, 5.0.8) [in July 2014].

[Editor's note: A security advisory was not released by the vendor until January 2016.]

The vendor's advisory is available at:

http://www.fortiguard.com/advisory/fortios-ssh-undocumented-interactive-login-vulnerability

Vendor URL:  www.fortiguard.com/advisory/fortios-ssh-undocumented-interactive-login-vulnerability (Links to External Site)
Cause:   Not specified

Message History:   This archive entry has one or more follow-up message(s) listed below.
Jan 27 2016 (Fortinet Issues Fix for Fortinet FortiAnalyzer) Fortinet FortiGate/FortiOS Undocumented SSH Access Lets Remote Users Access the Target System
Fortinet has issued a fix for Fortinet FortiAnalyzer.



 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

Copyright 2016, SecurityGlobal.net LLC