FortiADC-E remote network access vulnerability
Fortinet PSIRT Advisories
Fortinet PSIRT Contact:
Website: https://fortiguard.fortinet.com/faq/psirt-contact
FG-IR-14-032
Final
1
1
2014-10-21T00:00:00
Current version
2014-10-21T00:00:00
2014-10-21T00:00:00
Unprivileged network access
All FortiADC "E" models and all Coyote Point Equalizer models. Software releases between 3.1.1 and 4.0.4 (including both) for FortiADC and 10.2.0a for Coyote Point are vulnerable.
Upgrade to 4.0.5 (FortiADC-E only) or apply the patch provided on the Fortinet Support site. The patch and supporting documentation are available in the FortiADC-E and CoyotePoint firmware download directories, accessible from https://support.fortinet.com. The following files are available:

For FortiADC-E hardware:
  FortiADC_4.0_build0027_upgrade_release.tar.gz
  FortiADC-E-4 0 4-GA-Release-Notes.pdf

For CoyotePoint hardware and Equalizer OnDemand:
  10.3.0g-RELEASE.tgz
  10.3.0g-250GX.tgz
  relnotes_10.3.0.pdf

Workaround

Disable administrative access on all interfaces connecting to insecure networks.

From the GUI, navigate to that subnet's configuration page and disable the following flags: SSH, HTTP, HTTPS, SNMP

From the CLI, enter the subnet context and execute "services !ssl, !http, !https, !snmp" followed by "commit".
FortiADC-E remote network access vulnerability
https://fortiguard.fortinet.com/psirt/FG-IR-14-032