PT-2020-7632 · Fortinet · Fortibalancer

Published

2020-03-19

Updated

2020-03-23

CVE-2014-2721

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions FortiBalancer versions 400, 1000, 2000, 3000

Description A platform-specific remote access issue has been discovered that may allow a remote user to gain privileged access to affected systems using SSH. The issue is caused by a configuration error and is not the result of an underlying SSH defect.

Recommendations For FortiBalancer versions 400, 1000, 2000, 3000, consider reconfiguring the system to prevent remote access vulnerabilities. As a temporary workaround, restrict SSH access to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Fix

Incorrect Default Permissions

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-276

Related Identifiers

CVE-2014-2721

Affected Products

Fortibalancer

PT-2020-7632 · Fortinet · Fortibalancer

CVE-2014-2721

Weakness Enumeration

Related Identifiers

Affected Products

References · 3