=====================================================================
CERT-Renater Information Note No. 2014/VULN089
_____________________________________________________________________

DATE                 : 07/04/2014
HARDWARE PLATFORM(S) : FortiBalancer 400, 1000, 2000, 3000
OPERATING SYSTEM(S)  : FortiBalancer software
=====================================================================

Vendor advisory: http://www.fortiguard.com/advisory/FG-IR-14-010/
_____________________________________________________________________

FortiBalancer Remote SSH Vulnerability

A platform-specific remote access vulnerability has been discovered
that may allow a remote, unauthenticated user to gain privileged
access to affected systems over SSH. The vulnerability is caused by a
configuration error on the appliance and is not the result of a defect
in the underlying SSH software, so it has to be corrected on the
FortiBalancer side (patch or workaround below) rather than by updating
SSH itself.

Impact

  Privileged access may be granted to unauthenticated users.

Affected Products

  FortiBalancer 400, 1000, 2000 and 3000. All software versions are
  affected.

Solutions

  Apply the patch provided on the Fortinet Support site, or use one of
  the workarounds shown below. The patch and supporting documentation
  are available in the FortiBalancer firmware download directory,
  accessible from https://support.fortinet.com. The following files
  are available:

    FortiBalancer-Component-Patch.pdf    - Installation instructions
    FBLOS-FortiBalancer-Patch-2014_02.fn - System patch

Other Workarounds

  Each of the following removes or blocks SSH management access to the
  appliance entirely, so plan for Web UI or console administration
  until the patch is applied.

  1. Disable SSH in the Web UI via Admin Tools -> System Management.
     Uncheck "enable SSH access" and click "save changes" at the top
     right.

  2. Disable SSH from the console:

       config t
       ssh off
       write memory
       exit

  3. Use Webwall rules to block TCP port 22 destined for the load
     balancer's external IP address:

       config t
       accesslist deny tcp 0.0.0.0 0.0.0.0 0 255.255.255.255 22 100
       accesslist permit tcp 0.0.0.0 0.0.0.0 0 0.0.0.0 0.0.0.0 0 100
       accessgroup 100
       webwall on
       write memory
       exit

  4. Use a firewall to block TCP port 22 access to the FortiBalancer.

  Whichever option is chosen, confirm from a host on the external
  network that TCP port 22 on the appliance no longer answers with an
  SSH banner before considering the exposure closed.
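The following script is an added verification example; it is not part of the CERT-Renater note or of Fortinet's patch. It connects to TCP/22 on the appliance's external address and classifies the result (SSH banner returned, port open but not SSH, refused, or filtered), which is the check to run after applying workaround 2, 3 or 4. The address 192.0.2.10 is a hypothetical appliance IP, and the local "fake SSH server" is a constructed stand-in so the check can be exercised offline; neither comes from the advisory.

```python
"""Check whether a FortiBalancer (or any host) still exposes SSH on TCP/22.

Added example for the CERT-Renater 2014/VULN089 note; not the note's or
Fortinet's own code. The fake banner server below exists only so the
check can be run and tested without a real appliance.
"""
import socket
import threading

SSH_BANNER_PREFIX = b"SSH-"   # RFC 4253 identification string starts with "SSH-"


def check_ssh_exposed(host: str, port: int = 22, timeout: float = 3.0) -> str:
    """Classify what TCP/<port> on <host> does when we connect.

    Returns one of:
      'ssh-exposed'  port open and an SSH identification string came back
                     -> the workaround did NOT take effect
      'open-no-ssh'  port open but no SSH banner (something else listens)
      'closed'       connection refused (ssh off / accesslist reject)
      'filtered'     no answer within the timeout (firewall or Webwall drop)
      'unreachable'  network-level error (no route, DNS failure, ...)
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            try:
                data = s.recv(255)          # server speaks first in SSH
            except socket.timeout:
                return "open-no-ssh"
            return "ssh-exposed" if data.startswith(SSH_BANNER_PREFIX) else "open-no-ssh"
    except ConnectionRefusedError:
        return "closed"
    except socket.timeout:
        return "filtered"
    except OSError:
        return "unreachable"


def audit(hosts, port: int = 22) -> dict:
    """Run the check over several appliances; returns {host: status}."""
    return {h: check_ssh_exposed(h, port) for h in hosts}


# ---- constructed test fixtures (no real appliance involved) ----------------

def start_fake_ssh_server(banner: bytes = b"SSH-2.0-OpenSSH_5.3\r\n"):
    """One-shot listener on 127.0.0.1 that sends `banner` and closes.

    Stand-in for an appliance whose SSH service is still reachable.
    Returns (host, port).
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    host, port = srv.getsockname()

    def serve():
        conn, _ = srv.accept()
        with conn:
            if banner:
                conn.sendall(banner)
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return host, port


def closed_port() -> int:
    """Return a loopback port with nothing listening (bind, read, release)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


if __name__ == "__main__":
    import sys
    # 192.0.2.10 is a hypothetical external address of the load balancer.
    targets = sys.argv[1:] or ["192.0.2.10"]
    for host, status in audit(targets).items():
        print(f"{host}: {status}")
```

Run it from a host that sits on the external side of the appliance (`python3 check_ssh.py <external-ip>`); a result of `ssh-exposed` means the workaround or firewall rule is not in effect on the path that matters. `closed` is what `ssh off` produces, while a firewall or Webwall drop normally shows as `filtered`.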
=========================================================
CERT-Renater reference server
https://services.renater.fr/ssi/
=========================================================
+ CERT-RENATER          | tel  : 01-53-94-20-44           +
+ 23 - 25 Rue Daviel    | fax  : 01-53-94-20-41           +
+ 75013 Paris           | email: cert@support.renater.fr +
=========================================================