PSIRT Advisory

ZebOS routing remote shell service enabled

Description

A remote attacker may access the internal ZebOS shell of FortiOS 5.2.3 without authentication on the HA ("High Availability") dedicated management interface only.
Only FortiGates configured with HA *and* with an enabled HA dedicated management interface are vulnerable.
Note: when a FortiGate is configured to use HA, the dedicated management interface is disabled by default.

Impact

Remote shell access

Affected Products

FortiGate v5.2.3 only.

Solutions

FortiOS 5.2.3 must be upgraded to FortiOS 5.2.4.
FortiOS 5.2.2 and lower are not affected.
FortiOS 5.0.12 and lower are not affected.
As a workaround, LAN access to the HA dedicated management interface may be filtered by a transit firewall, or the interface may be left unrouted.
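The advisory names three conditions that must all hold for a unit to be exposed: firmware 5.2.3, HA configured, and the HA dedicated management interface enabled. The following script, added here as an example and not part of the Fortinet advisory, parses a FortiOS-style configuration backup and reports whether those conditions coincide, so an administrator can triage a fleet of backups before scheduling the 5.2.4 upgrade. The configuration syntax it relies on (the `#config-version` header, the `config system ha` block, and the `mode`, `ha-mgmt-status` and `ha-mgmt-interface` keys) is assumed from FortiOS 5.2 CLI conventions and should be verified against a real backup; the sample configurations are constructed.

```python
"""Exposure triage for the ZebOS remote-shell advisory (added example).

Reads a FortiOS-style configuration text and checks the three conditions
the advisory lists: version 5.2.3, HA enabled, HA dedicated management
interface enabled. Config keys are assumptions based on FortiOS 5.2 CLI.
"""
import re

VULNERABLE_VERSION = "5.2.3"

# Constructed sample (not from a real device): the vulnerable combination.
SAMPLE_CONFIG_VULNERABLE = """\
#config-version=FGT100D-5.2.3-FW-build670-150318:opmode=0:vdom=0:user=admin
config system ha
    set group-name "cluster1"
    set mode a-p
    set hbdev "port9" 50
    set ha-mgmt-status enable
    set ha-mgmt-interface "mgmt"
end
config system global
    set hostname "fw1"
end
"""

# Constructed sample: same firmware, HA on, dedicated management interface
# left at its default (disabled), which the advisory says is not exposed.
SAMPLE_CONFIG_SAFE = """\
#config-version=FGT100D-5.2.3-FW-build670-150318:opmode=0:vdom=0:user=admin
config system ha
    set group-name "cluster1"
    set mode a-p
    set hbdev "port9" 50
end
"""


def parse_version(config_text):
    """Return the firmware version from the #config-version header, or None."""
    m = re.search(r"^#config-version=\S+?-(\d+\.\d+\.\d+)-", config_text, re.M)
    return m.group(1) if m else None


def parse_block(config_text, name):
    """Return {key: value} for 'set' lines inside 'config <name> ... end'."""
    pattern = r"^config " + re.escape(name) + r"\n(.*?)^end\b"
    m = re.search(pattern, config_text, re.M | re.S)
    if not m:
        return {}
    settings = {}
    for line in m.group(1).splitlines():
        parts = line.strip().split(None, 2)
        if len(parts) == 3 and parts[0] == "set":
            settings[parts[1]] = parts[2].strip('"')
    return settings


def assess(config_text):
    """Evaluate the advisory's conditions and return a small report dict."""
    version = parse_version(config_text)
    ha = parse_block(config_text, "system ha")
    # Assumption: 'mode standalone' is the FortiOS default when HA is off.
    ha_mode = ha.get("mode", "standalone")
    ha_enabled = ha_mode != "standalone"
    # Assumption: ha-mgmt-status defaults to 'disable', as the advisory notes.
    mgmt_enabled = ha.get("ha-mgmt-status", "disable") == "enable"
    return {
        "version": version,
        "ha_mode": ha_mode,
        "ha_mgmt_enabled": mgmt_enabled,
        "ha_mgmt_interface": ha.get("ha-mgmt-interface"),
        # Exposed only when all three advisory conditions hold.
        "exposed": version == VULNERABLE_VERSION and ha_enabled and mgmt_enabled,
    }


if __name__ == "__main__":
    for label, cfg in (("vulnerable", SAMPLE_CONFIG_VULNERABLE),
                       ("safe", SAMPLE_CONFIG_SAFE)):
        report = assess(cfg)
        action = ("upgrade to 5.2.4 or filter access to the HA management "
                  "interface" if report["exposed"] else "no action required")
        print(f"{label}: {report} -> {action}")
```

A unit whose report shows `exposed` true should be upgraded to 5.2.4, or, until then, have reachability to the interface named in `ha_mgmt_interface` restricted by a transit firewall as the advisory suggests.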

Acknowledgement

Thanks to Burda Digital Systems.