
====================================================================

                             CERT-Renater

                  Information Note No. 2012/VULN456
____________________________________________________________________

DATE                :  09/11/2012

HARDWARE PLATFORM(S): Fortigate UTM appliances.

OPERATING SYSTEM(S) : Fortigate UTM appliances software.

======================================================================
http://www.kb.cert.org/vuls/id/111708
______________________________________________________________________

Vulnerability Note VU#111708
Fortigate UTM appliances share the same default CA certificate

Original Release date: 02 Nov 2012 | Last revised: 02 Nov 2012


Overview

Fortigate UTM appliances that support SSL/TLS deep packet inspection
share the same self-signed Fortigate CA certificate and associated
private key across all devices. The private key, which has been
compromised, allows attackers to create and sign fake certificates.


Description

Fortigate UTM appliances share the same self-signed Fortigate CA
certificate. Companies that use these appliances for deep packet
inspection will have most likely deployed the CA certificate to
endpoint web browsers so certificate warnings will not be seen by an
end-user. Since the associated private key has been compromised
(published on the web), an attacker with a man-in-the-middle
vantage point on the network will be able to simulate the behavior of
the Fortigate appliance and eavesdrop on encrypted communications or
spoof websites. Also, the attacker may digitally sign malicious
software, spoofing the identity of the publisher.


Impact

Primarily at risk are users who have imported the compromised Fortigate
CA certificate into their web browser or operating system. This risk
applies equally within the company (connected to a network behind the
Fortigate UTM appliance) as anywhere else. An attacker with a
man-in-the-middle vantage point on the current network may be able to
eavesdrop on encrypted communications. In addition, an attacker may
falsify digital signatures such as Authenticode.


Solution

Install a new CA certificate

The vendor recommends the following steps be taken to address this
vulnerability.

    1. Admin creates/obtains a CA certificate for which only they have
       the private key.
    2. Admin installs the CA certificate on FortiGate.
    3. Admin uses "set caname xxx" to select that certificate for SSL
       deep inspection.

Disable the Fortigate CA certificate

Endpoints should not trust the self-signed Fortigate CA certificate.
The following certificate information is for the certificate that
should be distrusted:

Subject: "E = support@fortinet.com; CN = FortiGate CA; OU = Certificate
Authority; O = Fortinet; L = Sunnyvale; S = California; C = US";
Thumbprint: 3e 20 7f 9a 6b d9 5c 7c 2b 89 11 67 d3 2f 57 87 2f 76 60 14

The preferable way to distrust a CA certificate is to import it into the
"Untrusted certificates" branch of the system certificate store. To
continue using SSL/TLS deep packet inspection, a new, unique CA
certificate may be generated and imported into the Fortigate UTM
appliance. To prevent users from experiencing certificate errors, that
new CA certificate can be imported into web browsers. Chapter 6 of the
FortiOS handbook contains instructions on how to replace the default CA
certificate.
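The following script is an added example, not part of the original note: it scans an exported PEM bundle (e.g. the certificates exported from a browser or OS trust store) and reports any certificate whose SHA-1 thumbprint matches the compromised FortiGate CA thumbprint quoted above, so an administrator can verify that the certificate has actually been removed or distrusted on an endpoint. The sample bundle it runs on is constructed placeholder data, not real certificates.

```python
import base64
import hashlib
import re

# SHA-1 thumbprint of the shared FortiGate CA certificate, exactly as
# printed in VU#111708 (space-separated hex pairs).
FORTIGATE_CA_THUMBPRINT = (
    "3e 20 7f 9a 6b d9 5c 7c 2b 89 11 67 d3 2f 57 87 2f 76 60 14")

_PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)


def normalize_thumbprint(text):
    """Lower-case hex with separators removed, so values copied from the
    advisory, certmgr.msc or a browser dialog compare equal."""
    return re.sub(r"[^0-9a-f]", "", text.lower())


def sha1_thumbprint(der):
    """Thumbprint as Windows and browsers display it: SHA-1 over DER."""
    return hashlib.sha1(der).hexdigest()


def pem_to_der_list(bundle_text):
    """Return the DER bytes of every certificate found in a PEM bundle."""
    return [base64.b64decode("".join(body.split()))
            for body in _PEM_RE.findall(bundle_text)]


def scan_bundle(bundle_text, blocklist):
    """Indexes (in bundle order) of certificates whose SHA-1 thumbprint
    is on the blocklist; an empty list means the CA is not present."""
    wanted = {normalize_thumbprint(t) for t in blocklist}
    return [i for i, der in enumerate(pem_to_der_list(bundle_text))
            if sha1_thumbprint(der) in wanted]


def _to_pem(der):
    body = base64.encodebytes(der).decode("ascii")
    return "-----BEGIN CERTIFICATE-----\n" + body + "-----END CERTIFICATE-----\n"


# Constructed sample input: NOT real certificates, only placeholder bytes
# wrapped in PEM armour so the scan can be exercised offline.
SAMPLE_DERS = [b"constructed-placeholder-cert-0",
               b"constructed-placeholder-cert-1"]
SAMPLE_BUNDLE = "".join(_to_pem(d) for d in SAMPLE_DERS)

if __name__ == "__main__":
    hits = scan_bundle(SAMPLE_BUNDLE, {FORTIGATE_CA_THUMBPRINT})
    print("compromised FortiGate CA present" if hits else "no match")
```

On a real system, replace SAMPLE_BUNDLE with the contents of an exported trust-store PEM file; a non-empty result means the shared CA is still trusted there.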



Vendor Information

Vendor            Status      Date Notified   Date Updated
Fortinet, Inc.    Affected    07 Sep 2012     30 Oct 2012


CVSS Metrics

Group          Score   Vector
Base           4.6     AV:A/AC:H/Au:N/C:C/I:N/A:N
Temporal       3.7     E:F/RL:W/RC:UC
Environmental  3.7     CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND


References


    http://docs.fortinet.com/fos40hlp/43/wwhelp/wwhimpl/common/html/wwhelp.htm?context=fgt&file=misc_utm_chapter.61.13.html
    http://kb.fortinet.com/kb/viewContent.do?externalId=FD32404
    http://www.fortinet.com/solutions/unified_threat_management.html
    https://media.torproject.org/misc/2012-07-03-cyberoam-CVE-2012-3372.txt
    http://docs.fortinet.com/fos40hlp/43/wwhelp/wwhimpl/js/html/wwhelp.htm


Credit

Thanks to Bitwiper for reporting this vulnerability.

This document was written by Jared Allar.


Other Information

    CVE IDs: CVE-2012-4948
    Date Public: 22 Oct 2012
    Date First Published: 02 Nov 2012
    Date Last Updated: 02 Nov 2012
    Document Revision: 19




=========================================================
CERT-Renater reference server
https://services.renater.fr/ssi/
=========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44          +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41          +
+ 75013 Paris           | email: certsvp@renater.fr     +
=========================================================
