Network Security, Patch/Configuration Management, Vulnerability Management

Fortinet says remote access vulnerability wasn’t malicious or a backdoor

Fortinet denied claims that a recently disclosed interactive login vulnerability affecting older versions of FortiOS was a backdoor.

The firm referred to the vulnerability that could allow remote console access to vulnerable devices with "Administrative Access" enabled for secure shell (SSH), as a “management authentication” issue in a Jan. 12 blog post. The firm said the issue was identified by its product security team and was not the result of malicious activity.

“The recent issue that was disclosed publicly was resolved and a patch was made available in July 2014,” the post said.

The alleged backdoor affected FortiOS Version 4.x up to 5.0.7 and was published in a Full Disclosure report last week. Some researchers reportedly assumed that the flaw was a backdoor similar to the one found in Juniper that is believed to be the result of unauthorized code introduced by third parties.

Pierluigi Stella, chief technology officer (CTO) at Network Box USA, told SCMagazine.com he believes the vulnerability was a backdoor despite what it's called.

“According to what I'm reading, this password was embedded into the code, it wasn't a password someone forgot to write into a password file,” Stella said.

The vulnerability a way to get into the system remotely and undetected without hacking, he explained.

Stella said he doesn't think the “backdoor” was unintentional and speculated that it could have been the work of a rogue researcher or even part of NSA surveillance, but said ultimately it's unclear why the vulnerability was allegedly put in place.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.