Teleport Remote Authentication Bypass

What is the Vulnerability?Teleport security engineers have discovered a critical vulnerability affecting Teleport versions earlier than 17.5.2. This flaw allows remote attackers to bypass SSH authentication on servers running Teleport SSH agents, OpenSSH-integrated deployments, and Teleport Git proxy setups. Exploiting this vulnerability could enable unauthorized access to Teleport-managed systems by circumventing standard authentication controls. View more information on the Community Article posted by FortiCNAPP. [FortiCNAPP – Fortinet Community]Teleport is an open-source platform that provides zero trust access to servers and cloud applications through protocols such as SSH, Kubernetes, databases, Remote Desktop Protocol (RDP), and HTTPS.Currently, there is no public proof-of-concept exploit available, nor any evidence indicating that this vulnerability has been exploited in the wild.What is the recommended Mitigation?To mitigate this vulnerability, self-hosted Teleport users should immediately upgrade Teleport Proxy and SSH services to one of the following versions: 17.5.2, 16.5.12, 15.5.3, 14.4.1, 13.4.27, or 12.4.35.According to the vendor, Teleport Cloud Infrastructure and CI/CD build, test, and release infrastructure aren’t affected. For full mitigation, the vendor suggests upgrading both Proxy and Teleport agents.What FortiGuard Coverage is available?• FortiCNAPP can automatically detect this vulnerability on affected systems via the Vulnerability Management module. • FortiCNAPP Threat Detection can help to detect and respond to unusual behavior and active threats automatically and provides high-fidelity, low-noise alerts. [Cloud Threat Detection | FortiGuard Labs]• The FortiGuard Incident Response team can be engaged to help with any suspected compromise.