Skip to main content
shafiq23
Staff & Editor
shafiq23
Staff & Editor
November 8, 2024

Technical Tip: OpenSSH regreSSHion Attack (CVE-2024-6387) affecting FortiWeb sshd process

  • November 8, 2024
  • 0 replies
  • 1528 views
Description This article describes how to solve CVE-2024-6387 on affected versions and steps to disable SSH administrative access via the interface as a workaround.
Scope FortiWeb, FortiWeb-VM.
Solution

PSIRT advisories (FG-IR-24-258) mentioned FortiWeb 7.2.0 through 7.2.9, 7.4.0 through 7.4.4 and 7.6.0 are vulnerable to CVE-2024-6387. It is a high-severity flaw in OpenSSH’s sshd component. It results from a race condition in signal handling, which could allow an unauthenticated remote attacker to execute arbitrary code with root privileges.

Solution:

  • Upgrade to 7.2.10 or above.
  • Upgrade to 7.4.5 or above.
  • Upgrade to 7.6.1 or above.

Technical Tip: How to manually download and upgrade FortiWeb firmware image on FortiWeb

Mitigation:
Limiting SSH access to authorized hosts/network segments.

 

Workaround:

  1. Disable SSH and use CLI console from GUI.

 

In GUI:

 

1.PNG

 


In CLI:

 

config system interface
    edit "port1"
        set type physical
        set ip X.X.X.X/X
        set allowaccess ping ssh snmp http https
                config secondaryip
            end
                config classless_static_route
            end
        next
    end

Run the CLI command stated below to disable SSH administrative access.

config system interface
    edit "port1"
         set allowaccess ping snmp http https
    end

It will exclude ‘SSH’ in allow-access settings.

 

Note:

Repeat the same steps in SSH-enabled interfaces.

PSIRT advisories:
PSIRT - FG-IR-24-258
Terms & ConditionsAccessibility statement