Help
FortiManager
FortiManager supports network operations use cases for centralized management, best practices compliance, and workflow automation to provide better protection against breaches.
fropert_FTNT
Staff
Staff

Created on ‎03-02-2016 08:25 AM

Article Id 190649

PSIRT Note: BeyondTrust Retina incorrectly reports FortiManager vulnerable to OpenSSH vulnerabilities

Description
The BeyondTrust Retina scanner reports that FortiManager is vulnerable to multiple OpenSSH vulnerabilities.

It includes CVE-2015-5352, CVE-2015-5600, CVE-2015-6564 and CVE-2015-6565.

Solution
The current version of OpenSSH embedded in FortiManager is customized and protected from latest vulnerabilities despite the SSH banner showing OpenSSH 6.0p1.

  • CVE-2015-5352 requires X11 connections to be enabled in the OpenSSH configuration.

    FortiManager does not permit X11 connections and is not vulnerable.

  • CVE-2015-5600 relies on the misuse of the OpenSSH keyboard-interactive authentication with the MaxAuthTries setting to trigger a bruteforce attack.

    The OpenSSH embedded in FortiManager uses a custom protection to prevent any bruteforce attack.  FortiManager is not prone to this vulnerability.

  • CVE-2015-6564 is exploitable with the OpenSSH portable version.

    FortiManager does not use the OpenSSH portable version and is not vulnerable.

  • CVE-2015-6565 concerns only OpenSSH 6.8 and 6.9.

    FortiManager does not use these OpenSSH version.

After further investigation, this proves to be false positive.

All supported versions of FortiManager are not vulnerable.

768
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.