FortiOS & FortiProxy - SSH authentication bypass when RADIUS authentication is used
Summary
An authentication bypass by assumed-immutable data vulnerability [CWE-302] in the FortiOS SSH login component may allow a remote and unauthenticated attacker to log in to the device by sending a specially crafted Access-Challenge response from the RADIUS server.
Affected Products
FortiProxy version 7.0.0 through 7.0.6
FortiProxy version 2.0.0 through 2.0.10
FortiProxy 1.2 all versions
FortiOS version 7.2.0 through 7.2.1
FortiOS version 7.0.0 through 7.0.7
FortiOS version 6.4.0 through 6.4.9
FortiOS 6.2 all versions
FortiOS 6.0 all versions
Solutions
Please upgrade to FortiOS version 7.2.2 or above
Please upgrade to FortiOS version 7.0.8 or above
Please upgrade to FortiOS version 6.4.10 or above
Please upgrade to upcoming FortiOS version 6.2.13 or above
Please upgrade to FortiProxy version 7.0.7 or above
Please upgrade to FortiProxy version 2.0.11 or above