Fortinet products, including FortiGate and Forticlient, regularly send information to Fortinet servers using XOR "encryption" with a static key. FortiClientWindows versions 6.0.6 and below, and FortiClientMac versions 6.2.1 and below. After this advisory was released, Fortinet has confirmed that only FortiOS version 6.2.0 includes the patch.
======================================================================= title: FortiGuard XOR Encryption product: Multiple Fortinet Products (see Vulnerable / tested versions) vulnerable version: Multiple (see Vulnerable / tested versions) fixed version: Multiple (see Solution) CVE number: CVE-2018-9195 impact: High homepage: https://www.fortinet.com by: Stefan Viehböck (Office Vienna) SEC Consult Vulnerability Lab An integrated part of SEC Consult Europe | Asia | North America https://www.sec-consult.com ======================================================================= Vendor description: ------------------- "From the start, the Fortinet vision has been to deliver broad, truly integrated, high-performance security across the IT infrastructure. We provide top-rated network and content security, as well as secure access products that share intelligence and work together to form a cooperative fabric. Our unique security fabric combines Security Processors, an intuitive operating system, and applied threat intelligence to give you proven security, exceptional performance, and better visibility and control--while providing easier administration." Source: https://www.fortinet.com/corporate/about-us/about-us.html Business recommendation: ------------------------ The vendor provides a patch and users of affected products are urged to immediately upgrade to the latest version available. Vulnerability overview/description: ----------------------------------- Fortinet products, including FortiGate and Forticlient regularly send information to Fortinet servers (DNS: guard.fortinet.com) on - UDP ports 53, 8888 and - TCP port 80 (HTTP POST /fgdsvc) This cloud communication is used for the FortiGuard Web Filter feature (https://fortiguard.com/webfilter), FortiGuard AntiSpam feature (https://fortiguard.com/updates/antispam) and FortiGuard AntiVirus feature (https://fortiguard.com/updates/antivirus). The messages are encrypted using XOR "encryption" with a static key. The protocol messages contain the following types of information: **Serial number of the Fortinet product installation** (product type + unique ID). This information allows an attacker who can **passively monitor** internet traffic to: - learn which Fortinet products and product types an organization uses (this is valuable for information gathering, see EquationGroup Fortigate exploits) - learn which FortiClient installations are part of an organization - use the FortiClient serial number as a unique identifier to track an individual as he/she travels the world **Full HTTP URLs of users web surfing activity** (Web Filter feature). This information allows an attacker who can **passively monitor** internet traffic to spy on users' web surfing activity. In cases where SSL inspection is enabled, even the URLs of HTTPS-encrypted communication are sent via this protocol, effectively breaking the confidentiality of SSL/TLS. **Unspecified email data** (AntiSpam feature). We do not have any further information on what kind of information is sent by the AntiSpam feature. **Unspecified AntiVirus data** (AntiVirus feature). We do not have any further information on what kind of information is sent by the AntiVirus feature. By **intercepting and manipulating** internet traffic an attacker can: Manipulate the responses for FortiGuard Web Filter, AntiSpam and AntiVirus features. Proof of concept: ----------------- The following Python 3 script decrypts a FortiGuard message (the static XOR key has been removed from this advisory). ```python from itertools import cycle def forti_xor(s1): xor_key = **removed** message = ''.join(chr(c ^ k) for c, k in zip(s1, cycle(xor_key))) return message r1=bytes.fromhex('6968766f606e776c2d2d21262138475c5b5a475b545e475c6b6a776b646e776c6b6a772b646e776c6b6a776b646e776c6b6a776bbadf04036b6a776c616a846f') print(repr(forti_xor(r1))) ``` In this case the encrypted message contents are: '\x02\x02\x01\x04\x04\x00\x00\x00FGVMEV0000000000\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\[email protected]\x00\x00\x00\x00\x00\x00...' Another example: '\x02\x01\x02\x04úI\x03\x00FG100D3G00000000\x00\x00\...x00\x00+https://v10.vortex-win.data.microsoft.com/\x00' Vulnerable / tested versions: ----------------------------- The following FortiOS versions are affected according to the vendor: * FortiOS 6.0.6 and below * FortiClientWindows 6.0.6 and below * FortiClientMac 6.2.1 and below The security advisory of the vendor can be found at: https://fortiguard.com/psirt/FG-IR-18-100 Vendor contact timeline: ------------------------ 2018-05-17: Contacting vendor through [email protected], sending advisory with public PGP key 2018-05-17: Auto-Response: "Thank you for contacting us regarding your inquiry. We have created a PSIRT ticket for this inquiry" 2018-05-17: Response: "Thank you to report us this vulnerability. I created an internal incident and I will communicate further with you while I'm investigating the impact of this." 2018-05-28: Requesting update, "If we don't get an appropriate response (see my initial email) by the end of next week, we will consider disclosing the vulnerability without further coordination." 2018-05-28: Auto-Response: "Thank you for contacting us regarding your inquiry. We have created a PSIRT ticket for this inquiry" 2018-06-05: Requesting update again, "This is the final attempt to contact you", plus reaching out to Fortinet via Twitter, LinkedIn. 2018-06-05: First response after 3 weeks, developers are working on a fix, "Please therefore kindly wait for further updates, while we are coordinating various stakeholders (including FortiGuard servers maintainers) for a fix." 2018-06-06: Requesting conference call. 2018-06 - 2019-11: Multiple conference calls, discussing technical details, agreeing on disclosure time 2019-03-28: Fix released in FortiOS 6.2.0 2019-04-01: Fix issued on FortiGuard server side 2019-11-13: Fix released for FortiOS branch 6.0, version 6.0.7 2019-11-25: Public release of security advisory Solution: --------- The vendor provides updated versions for the affected products: * FortiOS 6.0.7 or 6.2.0 * FortiClientWindows 6.2.0 * FortiClientMac 6.2.2 # 0day.today [2019-12-04] #