A review of all the products allowed Fortinet to discover the same SSH backdoor on some versions of its solutions. Fortinet used a secret authentication for FortiOS-based security appliances, but unknown experts were able to make a reverse-engineering of the code discovering the secret passphrase used to access the backdoor. A Python script to exploit the backdoor has been published on the Full Disclosure mailing list as a proof of concept code. Running the script against a vulnerable Forti-OS firewall the attacker will gain administrator level command-line access to the device.”]
Source: http://securityaffairs.co/wordpress/43871/hacking/fortinet-ssh-backdoor.html