Andrew Klaus, a security specialist from Cybera, discovered a
The expert discovered that the Fortinet devices share the same SSH key for the user ‘
Fortinet published a security advisory for the issue that is tracked as CVE-2019-17659.
The vulnerability could be exploited by attackers to trigger a
“A use of hard-coded cryptographic key vulnerability in FortiSIEM may allow a remote unauthenticated attacker to obtain SSH access to the supervisor as the restricted user ‘tunneluser’ by leveraging knowledge of the private key from another installation or a firmware image,” reads the advisory.
The user ‘
Fortinet invites customers that are not using the reverse tunnel feature to disable SSH on port 19999 that only allows
Below is the timeline of the vulnerability:
The flaw affects FortiSIEM version 5.2.6 and below; the tech firm addressed it with the release of FortiSIEM version 5.2.7.
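Because the ‘tunneluser’ private key is shared across installations, a defender who cannot yet upgrade or disable SSH on port 19999 will at least want to know about logins to that account from unexpected sources. The following script is an added example (not Fortinet's code and not from the advisory): it scans constructed sshd auth log lines for public-key authentications as ‘tunneluser’ and flags any whose source address lies outside an assumed allowlist of collector subnets.

```python
import re
from ipaddress import ip_address, ip_network

# Constructed sshd log lines (not taken from the article) showing
# public-key logins for the restricted 'tunneluser' account.
SAMPLE_LOG = """\
Jan 15 10:02:11 fsm-super sshd[2201]: Accepted publickey for tunneluser from 10.0.5.20 port 40122 ssh2: RSA SHA256:abc
Jan 15 10:03:45 fsm-super sshd[2210]: Accepted publickey for tunneluser from 203.0.113.9 port 51300 ssh2: RSA SHA256:abc
Jan 15 10:04:02 fsm-super sshd[2215]: Accepted password for admin from 10.0.5.7 port 33010 ssh2
Jan 15 10:05:30 fsm-super sshd[2220]: Failed publickey for tunneluser from 198.51.100.4 port 44000 ssh2
"""

# Assumed allowlist: the collector subnet that legitimately uses the reverse tunnel.
ALLOWED_SOURCES = [ip_network("10.0.5.0/24")]

LOGIN_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Accepted|Failed) (?P<method>\w+) for "
    r"(?P<user>\S+) from (?P<src>[\d.:a-fA-F]+) port (?P<port>\d+)"
)


def parse_sshd_line(line):
    """Return a dict describing an sshd auth line, or None if it is not one."""
    m = LOGIN_RE.search(line)
    if not m:
        return None
    event = m.groupdict()
    event["port"] = int(event["port"])
    return event


def suspicious_tunneluser_logins(log_text, allowed=ALLOWED_SOURCES):
    """Flag tunneluser public-key authentications (accepted or failed) whose
    source address is not inside an allowlisted subnet. Since the key is the
    same on every affected installation, each hit deserves a look."""
    flagged = []
    for line in log_text.splitlines():
        ev = parse_sshd_line(line)
        if not ev or ev["user"] != "tunneluser" or ev["method"] != "publickey":
            continue
        src = ip_address(ev["src"])
        if not any(src in net for net in allowed):
            flagged.append((ev["result"], ev["src"], ev["port"]))
    return flagged


if __name__ == "__main__":
    for hit in suspicious_tunneluser_logins(SAMPLE_LOG):
        print("suspicious tunneluser login:", hit)
```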