
CVE-2019-17659

Vulnerability Summary

A hard-coded cryptographic key vulnerability in FortiSIEM may allow a remote unauthenticated attacker to obtain SSH access to the supervisor as the restricted user 'tunneluser' by leveraging knowledge of the private key from another installation or a firmware image.

Note: The restricted user 'tunneluser' runs in a restricted shell that only lets that user create tunnel connections from the supervisor to the originating IP (i.e. enabling reverse-shell connections to the IP that initiated the connection). This feature exists to enable connecting to collectors from the supervisor when there is a firewall between the collector and the supervisor.
