How to find Fortinet web application firewall devices

Updated

Latest Fortinet WAF vulnerability #

Recently published security research from Rapid7 provides details on an OS command injection vulnerability in Fortinet's web application firewall (WAF) product line known as FortiWeb. This vulnerability exists in the FortiWeb management interface (versions 6.3.11 and prior) and has a CVSSv3 base score of 8.7 (currently awaiting CVE assignment). While authentication is required for successful exploitation of this vulnerability, Rapid7 researchers point out that chaining this with exploitation of an existing authentication bypass vulnerability could be a successful attack vector against vulnerable FortiWeb targets.

Fortinet is tracking this issue as FG-IR-21-116 (with a fix in the upcoming FortiWeb 6.4.1 release) and advising current FortiWeb owners with a workaround until the patch is available.

How to find Fortinet web application firewall devices with Rumble #

From the Services inventory, use the following pre-built query to locate FortiWeb assets in your network:

os:fortinet AND (tls.names:="FWB%" OR (tls.names:="FV%" AND NOT tls.names:="FVE%" AND NOT tls.names:="FVC%"))
Find fortinet devices

As always, any prebuilt queries we create are available from our Queries Library. Check out the library for other useful inventory queries.

Written by Pearce Barry

More about Pearce Barry
Subscribe Now

Get the latest news and expert insights delivered in your inbox.

Welcome to the club! Your subscription to our newsletter is successful.


Related Articles

Rapid Response
How to find PKIX-SSH services on your network
A fork of OpenSSH called PKIX-SSH was impacted by the recently discovered regreSSHion vulnerability. Here's how to find impacted services on your...
Rapid Response
How to find Westermo devices on your network
Westermo has disclosed several vulnerabilities regarding their Lynx Industrial Ethernet switches. Here's how to find them on your network.
Rapid Response
How to find Kaspersky products with runZero
The US government has banned the sale of Kaspersky products and services. Here's how to find Kaspersky products in your network.
Rapid Response
How to find Microsoft Message Queuing (MSMQ) servers on your network
A new pre-auth use-after-free vulnerability in the Microsoft Message Queuing (MSMQ) service is rated critical. Find impacted systems now with runZero.

See Results in Minutes

Get complete visibility into IT, OT, & IoT — without agents, credentials, or hardware.

© Copyright 2024 runZero, Inc. All Rights Reserved