First published: Mon Mar 17 2025
A use of hard-coded cryptographic key vulnerability in FortiSIEM version 5.2.6 may allow a remote unauthenticated attacker to obtain SSH access to the supervisor as the restricted user "tunneluser" by leveraging knowledge of the private key from another installation or a firmware image.
Credit: psirt@fortinet.com
Affected Software | Affected Version | How to fix |
---|---|---|
Fortinet FortiSIEM Windows Agent |
Please upgrade to FortiSIEM version 5.2.7 and above, where this issue is resolved.

Workaround (for FortiSIEM version 5.2.6 and lower): Customers who are not using the reverse tunnel feature are advised to disable the SSH service on port 19999 by following the steps below:

1. SSH to the Supervisor node as the root user.
2. Remove the tunneluser SSH configuration file to disable listening on port 19999:

       rm -f /etc/ssh/sshd_config.tunneluser
       echo rm -f /etc/ssh/sshd_config.tunneluser >> /etc/init.d/phProvision.sh

3. Then terminate sshd running on TCP port 19999 as follows:

       pkill -f "/usr/sbin/sshd -p 19999"

4. Additional steps can be performed on the Supervisor to remove the keys associated with the tunneluser account:

       rm -f /opt/phoenix/deployment/id_rsa.pub.tunneluser
       rm -f /home/tunneluser/.ssh/authorized_keys
       rm -f /opt/phoenix/id_rsa.tunneluser ~admin/.ssh/id_rsa

Customers are also advised to disable "tunneluser" SSH access on port 22 by following the steps below:

1. SSH to the Supervisor node as the root user.
2. Add/edit the following line in the sshd_config file:

       echo DenyUsers tunneluser >> /etc/ssh/sshd_config

3. Restart the SSH service:

       service sshd restart
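Whether the workaround has actually been applied can be checked afterwards. The script below is an added example, not Fortinet's or this page's own code: it audits a Supervisor filesystem for the files the steps remove and for the DenyUsers line. The function name `audit_tunneluser` and its ROOT argument are assumptions of this example.

```shell
#!/bin/sh
# Added example (not vendor code): audit a FortiSIEM Supervisor filesystem
# for what the workaround on this page removes or configures.
# ROOT is an assumption of this example: "/" for the live system, or the
# mount point of a disk image / test tree.

# Key paths from step 4 of the workaround. ~admin/.ssh/id_rsa is left out
# because admin's home directory cannot be resolved under an arbitrary ROOT.
KEY_FILES="/opt/phoenix/deployment/id_rsa.pub.tunneluser
/home/tunneluser/.ssh/authorized_keys
/opt/phoenix/id_rsa.tunneluser"

audit_tunneluser() {
    root="${1%/}"      # "/" -> "", "/mnt/img/" -> "/mnt/img"
    findings=0

    # Port 19999: the dedicated sshd config must be gone ...
    if [ -e "$root/etc/ssh/sshd_config.tunneluser" ]; then
        echo "FINDING: /etc/ssh/sshd_config.tunneluser present"
        findings=$((findings + 1))
    fi
    # ... and the removal must have been appended to phProvision.sh (step 2).
    if ! grep -qsF 'rm -f /etc/ssh/sshd_config.tunneluser' \
            "$root/etc/init.d/phProvision.sh"; then
        echo "FINDING: phProvision.sh does not remove sshd_config.tunneluser"
        findings=$((findings + 1))
    fi
    # Key material tied to the tunneluser account.
    for f in $KEY_FILES; do
        if [ -e "$root$f" ]; then
            echo "FINDING: $f present"
            findings=$((findings + 1))
        fi
    done
    # Port 22: an active (uncommented) DenyUsers line must name tunneluser.
    if ! grep -Eqis \
            '^[[:space:]]*DenyUsers[[:space:]]+(.*[[:space:]])?tunneluser([[:space:]]|$)' \
            "$root/etc/ssh/sshd_config"; then
        echo "FINDING: sshd_config has no DenyUsers entry for tunneluser"
        findings=$((findings + 1))
    fi
    echo "$findings finding(s)"
    [ "$findings" -eq 0 ]  # exit status 0 only when nothing was found
}

# Run only when a ROOT is given, e.g.: sh audit.sh /
if [ "$#" -gt 0 ]; then audit_tunneluser "$1"; fi
```

A clean result covers files only; whether an sshd process is still listening on port 19999 has to be confirmed on the running system.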
CVE-2019-17659 has a critical severity rating due to the potential for remote unauthorized SSH access.
To mitigate CVE-2019-17659, update FortiSIEM to the latest version that addresses this vulnerability.
Organizations using FortiSIEM version 5.2.6 are affected by CVE-2019-17659.
CVE-2019-17659 can be exploited by remote unauthenticated attackers to gain unauthorized SSH access.
The impact of CVE-2019-17659 includes unauthorized access to sensitive systems and potential data breaches.