FortiBalancer Remote SSH Vulnerability
A platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to affected systems using SSH. The vulnerability is caused by a configuration error, and is not the result of an underlying SSH defect.
FortiBalancer 400, 1000, 2000 and 3000.
All software versions are affected.
Apply the patch provided on the Fortinet Support site, or use one of the workarounds shown below. The patch and supporting documentation are available in the FortiBalancer firmware download directory, accessible from https://support.fortinet.com. The following files are available:
FortiBalancer-Component-Patch.pdf - Installation Instructions
FBLOS-FortiBalancer-Patch-2014_02.fn - System patch
1. Disable SSH on the Web UI via Admin Tools -> System Management. Uncheck "enable SSH access" and click "save changes" on the top right.
2. Disable SSH in the console via:
3. Use Webwall rules in order to block TCP port 22 destined to the load balancer external IP address:
accesslist deny tcp 0.0.0.0 0.0.0.0 0 <external-ip-address> 255.255.255.255 22 100
accesslist permit tcp 0.0.0.0 0.0.0.0 0 0.0.0.0 0.0.0.0 0 100
accessgroup 100 <external-port>
webwall <external-port> on
4. Use a firewall to block TCP port 22 access to the FortiBalancer.