CrowdStrike Update Causes BSOD Issues Globally – Audit Available 🛡️ Learn more

TRY NOW

Fortinet Authentication Bypass Vulnerability

Network Devices Vulnerability

Discover Vulnerable Fortinet Devices in Your IT Estate

Fortinet released two new firmware versions for their devices. FortiOS/FortiProxy versions 7.0.7 and 7.2.2 include fixed for CVE-2022-40684, an authentication bypass vulnerability with a CVSS score of 9.6! The company has shared the following information via a customer support bulletin: “An authentication bypass using an alternate path or channel [CWE-88] in FortiOS and FortiProxy may allow an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests,”. You can read more about this vulnerability in the Fortinet Authentication Bypass Vulnerability blog post.

 

Fortinet Authentication Bypass Vulnerability Query

Select Top 1000000 tblAssets.AssetID,
tblAssets.AssetName,
tsysAssetTypes.AssetTypeIcon10 As icon,
tblAssets.IPAddress,
tsysIPLocations.IPLocation,
tblAssetCustom.Manufacturer,
tblAssetCustom.Model,
tblAssets.Description,
Subquery1.Label As OID,
Subquery1.Data As Version,
Right(Subquery1.DataClean, CharIndex('v', Reverse(Subquery1.DataClean)) -
1) As [Version (Normalized)],
Case
When Cast(ParseName(Right(Subquery1.DataClean, CharIndex('v',
Reverse(Subquery1.DataClean)) - 1), 3) As int) = 7 And
Cast(ParseName(Right(Subquery1.DataClean, CharIndex('v',
Reverse(Subquery1.DataClean)) - 1), 2) As int) = 0 And
Cast(ParseName(Right(Subquery1.DataClean, CharIndex('v',
Reverse(Subquery1.DataClean)) - 1), 1) As int) >= 0 And
Cast(ParseName(Right(Subquery1.DataClean, CharIndex('v',
Reverse(Subquery1.DataClean)) - 1), 1) As int) <= 6 Then 'Vulnerable'
When Cast(ParseName(Right(Subquery1.DataClean, CharIndex('v',
Reverse(Subquery1.DataClean)) - 1), 3) As int) = 7 And
Cast(ParseName(Right(Subquery1.DataClean, CharIndex('v',
Reverse(Subquery1.DataClean)) - 1), 2) As int) = 2 And
Cast(ParseName(Right(Subquery1.DataClean, CharIndex('v',
Reverse(Subquery1.DataClean)) - 1), 1) As int) >= 0 And
Cast(ParseName(Right(Subquery1.DataClean, CharIndex('v',
Reverse(Subquery1.DataClean)) - 1), 1) As int) <= 1 Then 'Vulnerable'
Else ''
End As [FortiOS Vulnerable],
Case
When tblErrors.ErrorText Is Not Null Or
tblErrors.ErrorText != '' Then
'Scanning Error: ' + tsysasseterrortypes.ErrorMsg
Else ''
End As ScanningErrors,
tblAssets.Lastseen,
tblAssets.Lasttried
From tblAssets
Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype
Inner Join tsysIPLocations On tsysIPLocations.LocationID =
tblAssets.LocationID
Inner Join tblState On tblState.State = tblAssetCustom.State
Left Join (Select tblOIDData.AssetID,
tblOIDData.Label,
tblOIDData.Data,
SubString(tblOIDData.Data, CharIndex('v', tblOIDData.Data), CharIndex(',',
tblOIDData.Data) - 1 - CharIndex('v', tblOIDData.Data) + Len(',')) As
DataClean
From tblOIDData
Where tblOIDData.Label Like '%version%') As Subquery1 On Subquery1.AssetID =
tblAssets.AssetID
Left Join (Select Distinct Top 1000000 tblErrors.AssetID As ID,
Max(tblErrors.Teller) As ErrorID
From tblErrors
Group By tblErrors.AssetID) As ScanningError On tblAssets.AssetID =
ScanningError.ID
Left Join tblErrors On ScanningError.ErrorID = tblErrors.Teller
Left Join tsysasseterrortypes On tsysasseterrortypes.Errortype =
tblErrors.ErrorType
Where tblAssetCustom.Manufacturer Like '%fortinet%' And tblState.Statename =
'Active'
Order By tblAssetCustom.Model,
tblAssets.IPAddress,
Subquery1.DataClean

Show

Hide

NO CREDIT CARD REQUIRED

Ready to get started?
You’ll be up and running in no time.

Explore all our features, free for 14 days.