Threat Advisory: Fortinet Communication on “Backdoor Vulnerability”
January 13, 2016
On Tuesday a researcher posted a screenshot allegedly demonstrating someone using an exploit code to gain remote access to a server running Fortinet’s FortiOS software.
Fortinet has communicated publicly that this issue was disclosed and resolved in July of 2014.
They’ve stated, “This was not a “backdoor” vulnerability issue but rather a management authentication issue. The issue was identified by our Product Security team as part of their regular review and testing efforts. After careful analysis and investigation, we were able to verify this issue was not due to any malicious activity by any party, internal or external”.
Users leveraging the versions below are not impacted:
- FortiOS v4.3.17 or any later version of FortiOS v4.3 (available as of July 9, 2014)
- FortiOS v5.0.8 or any later version of FortiOS v5.0 (available as of July 28, 2014)
- Any version of FortiOS v5.2 or v5.4
If you are using a different version, Fortinet recommends you immediately update your FortiOS product.
Please refer to the Product Security Advisory posted here for further information.
Stay Informed
Follow us on Twitter
Connect with us on LinkedIn
Subscribe to Herjavec Group News
About Herjavec Group
Dynamic entrepreneur Robert Herjavec founded Herjavec Group in 2003 to provide cybersecurity products and services to enterprise organizations. We have been recognized as one of the world’s most innovative cybersecurity operations leaders, and excel in complex, multi-technology environments. Our service expertise includes Advisory Services, Technology Architecture & Implementation, Identity Services, Managed Security Services, Threat Management and Incident Response. Herjavec Group has offices and Security Operations Centers across the United States, United Kingdom and Canada.
