FortiWeb
shafiq23
Staff
Article Id 356324
Description This article describes how to address CVE-2024-6387 (the OpenSSH "regreSSHion" flaw, Fortinet advisory FG-IR-24-258) on affected FortiWeb versions, and how to disable SSH administrative access on an interface as a workaround until the upgrade is applied.
Scope FortiWeb, FortiWeb-VM.
Solution

PSIRT advisory FG-IR-24-258 lists FortiWeb 7.2.0 through 7.2.9, 7.4.0 through 7.4.4, and 7.6.0 as vulnerable to CVE-2024-6387, a high-severity flaw in the sshd component of OpenSSH. The bug is a race condition in sshd's signal handling: the SIGALRM handler that fires when a client has not authenticated within LoginGraceTime calls functions that are not async-signal-safe. An unauthenticated remote attacker who can reach the SSH service and win the race could execute arbitrary code with root privileges. Only interfaces on which SSH administrative access is enabled expose sshd, which is what the workaround below relies on.

Solution:

  • Upgrade to 7.2.10 or above.
  • Upgrade to 7.4.5 or above.
  • Upgrade to 7.6.1 or above.

Technical Tip: How to manually download and upgrade FortiWeb firmware image on FortiWeb

Mitigation:
Until the upgrade is applied, limit SSH access to authorized hosts or network segments, for example with an upstream firewall rule for TCP port 22 or with the trusted-host settings on FortiWeb administrator accounts. This reduces exposure but does not remove the vulnerable sshd; only the upgrade, or disabling SSH as described below, does that.

 

Workaround:

  1. Disable SSH administrative access on every interface and use the CLI Console in the GUI instead.

 

In GUI:

Edit the interface under System > Network > Interface and clear SSH under Administrative Access.

(Screenshot 1.PNG: the interface's Administrative Access settings with SSH deselected.)

 


In CLI:

First check the current setting. In this example output, port1 allows ping, ssh, snmp, http and https (the IP address is a placeholder):

config system interface
    edit "port1"
        set type physical
        set ip X.X.X.X/X
        set allowaccess ping ssh snmp http https
        config secondaryip
        end
        config classless_static_route
        end
    next
end

Run the CLI command below to disable SSH administrative access. 'set allowaccess' replaces the whole list rather than removing a single entry, so list every protocol that should stay enabled and leave out only ssh:

config system interface
    edit "port1"
        set allowaccess ping snmp http https
    next
end

The interface's allow-access list no longer contains 'ssh', so sshd is no longer reachable on port1; the interface's other services are unchanged.

 

Note:

Repeat the same steps on every interface whose allow-access list includes ssh ('show system interface' lists them all); the vulnerable service stays reachable through any interface that still allows ssh.
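The two checks this article describes in prose, as an added Python example that is not part of the article and not a Fortinet tool: whether a FortiWeb version string falls inside the affected ranges listed above, and which interfaces in a 'config system interface' dump still carry ssh in 'set allowaccess', with the remediation commands generated in the form shown above. The sample configuration is constructed for the example, the version ranges are taken from the advisory text on this page, and the 'unset allowaccess' fallback for an interface that allowed only ssh is an assumption based on the FortiOS-style CLI convention.

```python
"""Audit helper for FG-IR-24-258 / CVE-2024-6387 on FortiWeb (added example, not Fortinet code).

Given a FortiWeb version string and the text of a 'config system interface'
block (from a config backup or 'show system interface'), report whether the
version is in an affected range and which interfaces still expose SSH.
"""
import re
from typing import Dict, List, Tuple

# Affected ranges exactly as listed in the advisory text above. A version
# outside them (e.g. 7.0.x) is merely "not listed", not shown to be safe.
AFFECTED_RANGES = [
    ((7, 2, 0), (7, 2, 9)),  # fixed in 7.2.10
    ((7, 4, 0), (7, 4, 4)),  # fixed in 7.4.5
    ((7, 6, 0), (7, 6, 0)),  # fixed in 7.6.1
]


def parse_version(version: str) -> Tuple[int, ...]:
    """Reduce '7.4.4' or '7.4.4,build0676' to a comparable (major, minor, patch) tuple."""
    m = re.match(r"\s*v?(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised FortiWeb version string: {version!r}")
    return tuple(int(x) for x in m.groups())


def is_affected(version: str) -> bool:
    """True when the version lies inside one of the advisory's affected ranges."""
    v = parse_version(version)
    return any(low <= v <= high for low, high in AFFECTED_RANGES)


def parse_interfaces(config_text: str) -> Dict[str, List[str]]:
    """Map each interface name to its allowaccess protocol list.

    Nested blocks such as 'config secondaryip' are tracked on a stack so
    their own edit/next/end lines are not mistaken for interface entries.
    """
    interfaces: Dict[str, List[str]] = {}
    stack: List[str] = []  # 'config ...' blocks currently open
    current = None         # interface whose 'edit' block we are inside
    for raw in config_text.splitlines():
        line = raw.strip()
        at_interface_level = stack == ["system interface"]
        if line.startswith("config "):
            stack.append(line[len("config "):].strip())
        elif line == "end":
            if stack:
                stack.pop()
            if not stack:  # a top-level 'end' also closes an open 'edit'
                current = None
        elif line.startswith("edit ") and at_interface_level:
            current = line[len("edit "):].strip().strip('"')
            interfaces.setdefault(current, [])
        elif line == "next" and at_interface_level:
            current = None
        elif line.startswith("set allowaccess") and at_interface_level and current:
            interfaces[current] = line.split()[2:]
    return interfaces


def interfaces_exposing_ssh(config_text: str) -> List[str]:
    """Interfaces on which the vulnerable sshd is still reachable."""
    return sorted(n for n, acc in parse_interfaces(config_text).items() if "ssh" in acc)


def remediation_cli(config_text: str) -> str:
    """Emit the article's 'set allowaccess' fix for every interface that still allows ssh.

    'set allowaccess' replaces the whole list, so every other protocol the
    interface had is repeated and only ssh is dropped.
    """
    out: List[str] = []
    for name, acc in parse_interfaces(config_text).items():
        if "ssh" not in acc:
            continue
        keep = [p for p in acc if p != "ssh"]
        out += ["config system interface", f'    edit "{name}"']
        if keep:
            out.append("        set allowaccess " + " ".join(keep))
        else:
            # Assumption: FortiOS-style 'unset' clears the list when ssh was the only protocol.
            out.append("        unset allowaccess")
        out += ["    next", "end"]
    return "\n".join(out)


# Constructed sample: port1 mirrors the article's example, port3 allows only ssh.
SAMPLE_CONFIG = """\
config system interface
    edit "port1"
        set ip 192.0.2.10/24
        set allowaccess ping ssh snmp http https
        config secondaryip
        end
    next
    edit "port2"
        set ip 198.51.100.10/24
        set allowaccess ping https
    next
    edit "port3"
        set ip 203.0.113.10/24
        set allowaccess ssh
    next
end
"""

if __name__ == "__main__":
    version = "7.4.4"
    print(f"FortiWeb {version} affected: {is_affected(version)}")
    print("interfaces still allowing ssh:", interfaces_exposing_ssh(SAMPLE_CONFIG))
    print(remediation_cli(SAMPLE_CONFIG))
```

Run it against the 'config system interface' section of a config backup to get the list of interfaces that still need the workaround; a device running a fixed build (7.2.10, 7.4.5 or 7.6.1 and later) reports no affected version, and an empty interface list means sshd is no longer reachable from any interface.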

PSIRT advisories:
PSIRT - FG-IR-24-258
