FortiADC-E remote network access vulnerability

Impact Detail

An unprivileged user may be able to inject packets into any network configured on the FortiADC, or may be able to communicate with hosts present on networks configured on the FortiADC.

Affected Products

All FortiADC "E" models and all Coyote Point Equalizer models. Software releases between 3.1.1 and 4.0.4 (inclusive) for FortiADC and release 10.2.0a for Coyote Point are vulnerable.
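A small triage helper for the affected ranges above, added here as an example and not part of the Fortinet advisory. It assumes version strings of the form "4.0.4" or "10.2.0a" (dotted numbers with an optional trailing letter) and the product labels "fortiadc-e" and "coyote-point" are names chosen for this example.

```python
# Added example (not from the advisory): decide whether a reported firmware
# version falls inside the affected ranges the advisory lists.
import re

# Affected versions from the advisory. The FortiADC-E range is inclusive.
FORTIADC_E_RANGE = ("3.1.1", "4.0.4")
COYOTE_POINT_AFFECTED = "10.2.0a"

# Dotted numeric components with an optional single trailing letter (e.g. "10.2.0a").
_VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)([a-z]?)$")


def parse_version(version: str):
    """Turn '10.2.0a' into ((10, 2, 0), 'a') so versions compare numerically,
    not lexically ('3.1.10' must sort after '3.1.9')."""
    match = _VERSION_RE.match(version.strip().lower())
    if not match:
        raise ValueError(f"unrecognised version string: {version!r}")
    numbers = tuple(int(part) for part in match.group(1).split("."))
    return numbers, match.group(2)


def is_affected(product: str, version: str) -> bool:
    """True if the product/version pair is listed as vulnerable by the advisory."""
    numbers, suffix = parse_version(version)
    if product == "fortiadc-e":
        low, _ = parse_version(FORTIADC_E_RANGE[0])
        high, _ = parse_version(FORTIADC_E_RANGE[1])
        # Both bounds are inclusive; 4.0.5 (the fixed release) falls outside.
        return low <= numbers <= high
    if product == "coyote-point":
        # Only the single release named in the advisory; the letter matters here.
        return (numbers, suffix) == parse_version(COYOTE_POINT_AFFECTED)
    raise ValueError(f"unknown product: {product!r}")


if __name__ == "__main__":
    for product, version in [("fortiadc-e", "4.0.4"), ("fortiadc-e", "4.0.5"),
                             ("coyote-point", "10.2.0a"), ("coyote-point", "10.3.0g")]:
        print(product, version, "affected" if is_affected(product, version) else "not affected")
```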

Solutions

Upgrade to 4.0.5 (FortiADC-E only) or apply the patch provided on the Fortinet Support site. The patch and supporting documentation are available in the FortiADC-E and CoyotePoint firmware download directories, accessible from https://support.fortinet.com. The following files are available:
For FortiADC-E hardware:
   FortiADC_4.0_build0027_upgrade_release.tar.gz
   FortiADC-E-4 0 4-GA-Release-Notes.pdf
For CoyotePoint hardware and Equalizer OnDemand:
   10.3.0g-RELEASE.tgz
   10.3.0g-250GX.tgz
   relnotes_10.3.0.pdf
Workaround

Disable administrative access on all interfaces connecting to insecure networks.
From the GUI, navigate to that subnet's configuration page and disable the following flags: SSH, HTTP, HTTPS, SNMP.
From the CLI, enter the subnet context and execute "services !ssl, !http, !https, !snmp" followed by "commit".