Vulnerability Details : CVE-2016-1909
Public exploit exists!
Fortinet FortiAnalyzer before 5.0.12 and 5.2.x before 5.2.5; FortiSwitch 3.3.x before 3.3.3; FortiCache 3.0.x before 3.0.8; and FortiOS 4.1.x before 4.1.11, 4.2.x before 4.2.16, 4.3.x before 4.3.17 and 5.0.x before 5.0.8 have a hardcoded passphrase for the Fortimanager_Access account, which allows remote attackers to obtain administrative access via an SSH session.
Exploit prediction scoring system (EPSS) score for CVE-2016-1909
Probability of exploitation activity in the next 30 days: 68.19%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 98 % EPSS Score History EPSS FAQ
Metasploit modules for CVE-2016-1909
-
Fortinet SSH Backdoor Scanner
Disclosure Date: 2016-01-09First seen: 2020-04-26auxiliary/scanner/ssh/fortinet_backdoorThis module scans for the Fortinet SSH backdoor. Authors: - operator8203 <operator8203@runbox.com> - wvu <wvu@metasploit.com>
CVSS scores for CVE-2016-1909
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
9.8
|
CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2016-1909
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-1909
-
http://seclists.org/fulldisclosure/2016/Jan/26
Full Disclosure: SSH Backdoor for FortiGate OS Version 4.x up to 5.0.7Exploit
-
http://www.fortiguard.com/advisory/multiple-products-ssh-undocumented-login-vulnerability
FortiGuard
-
http://blog.fortinet.com/post/brief-statement-regarding-issues-found-with-fortios
404 Page Not Found
-
http://www.securitytracker.com/id/1034663
Fortinet FortiGate/FortiOS Undocumented SSH Access Lets Remote Users Access the Target System - SecurityTracker
-
http://packetstormsecurity.com/files/135225/FortiGate-OS-5.0.7-SSH-Backdoor.html
FortiGate OS 5.0.7 SSH Backdoor ≈ Packet StormExploit
-
https://twitter.com/esizkur/status/686842135501508608
Ralf (RPW) on Twitter: "SSH backdoors/bugdoors seem to become a pattern lately: https://t.co/RdlQxWyCRv. This edition sponsored by Fortinet."
-
https://www.exploit-db.com/exploits/39224/
404 Page Not Found | Exploit DatabaseExploit
Products affected by CVE-2016-1909
- cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*
- cpe:2.3:o:fortinet:fortios:5.0.1:*:*:*:*:*:*:*
- cpe:2.3:o:fortinet:fortios:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:fortinet:fortios:5.0.5:*:*:*:*:*:*:*
- cpe:2.3:o:fortinet:fortios:5.0.7:*:*:*:*:*:*:*
- cpe:2.3:o:fortinet:fortios:5.0.6:*:*:*:*:*:*:*
- cpe:2.3:o:fortinet:fortios:5.0.0:*:*:*:*:*:*:*
- cpe:2.3:o:fortinet:fortios:5.0.4:*:*:*:*:*:*:*
- cpe:2.3:o:fortinet:fortios:5.0.3:*:*:*:*:*:*:*
- cpe:2.3:o:fortinet:fortios:5.0.2:*:*:*:*:*:*:*