Fortinet has released updates for FortiSwitch in response to a critical unverified password change vulnerability. This vulnerability could allow a remote unauthenticated attacker to modify admin passwords via a specially crafted request. Besides the updates, Fortinet also offers a workaround for this vulnerability.
The report below will give you an overview of all potentially vulnerable FortiSwitch devices in your network so that you can more easily track which switches have been updated and which may still be vulnerable. You can read more about this issue in our Vulnerability blog post.
Select Top 1000000 tblAssets.AssetID, tblAssets.AssetName, tsysAssetTypes.AssetTypeIcon10 As icon, tblAssets.IPAddress, tsysIPLocations.IPLocation, tblAssetCustom.Manufacturer, tblAssetCustom.Model, tblAssets.Description, Case When tblErrors.ErrorText Is Not Null Or tblErrors.ErrorText != '' Then 'Scanning Error: ' + tsysasseterrortypes.ErrorMsg Else '' End As ScanningErrors, tblAssets.Lastseen, tblAssets.Lasttried From tblAssets Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype Inner Join tsysIPLocations On tsysIPLocations.LocationID = tblAssets.LocationID Inner Join tblState On tblState.State = tblAssetCustom.State Left Join (Select Distinct Top 1000000 tblErrors.AssetID As ID, Max(tblErrors.Teller) As ErrorID From tblErrors Group By tblErrors.AssetID) As ScanningError On tblAssets.AssetID = ScanningError.ID Left Join tblErrors On ScanningError.ErrorID = tblErrors.Teller Left Join tsysasseterrortypes On tsysasseterrortypes.Errortype = tblErrors.ErrorType Where tblAssetCustom.Manufacturer Like '%fortinet%' and (tblassetcustom.model LIKE '%108F%' OR tblassetcustom.model LIKE '%108F-POE%' OR tblassetcustom.model LIKE '%108F-FPOE%' OR tblassetcustom.model LIKE '%110G-FPOE%' OR tblassetcustom.model LIKE '%124F%' OR tblassetcustom.model LIKE '%124F-POE%' OR tblassetcustom.model LIKE '%124F-FPOE%' OR tblassetcustom.model LIKE '%148F%' OR tblassetcustom.model LIKE '%148F-POE%' OR tblassetcustom.model LIKE '%148F-FPOE%' OR tblassetcustom.model LIKE '%124G%' OR tblassetcustom.model LIKE '%124G-POE%' OR tblassetcustom.model LIKE '%124G-FPOE%' OR tblassetcustom.model LIKE '%224E%' OR tblassetcustom.model LIKE '%224E-POE%' OR tblassetcustom.model LIKE '%248D%' OR tblassetcustom.model LIKE '%248E-POE%' OR tblassetcustom.model LIKE '%248E-FPOE%' OR tblassetcustom.model LIKE '%424E%' OR tblassetcustom.model LIKE '%424E-POE%' OR tblassetcustom.model LIKE '%424E-FPOE%' OR tblassetcustom.model LIKE '%424E-FIBER%' OR tblassetcustom.model LIKE '%448E%' OR tblassetcustom.model LIKE '%448E-POE%' OR tblassetcustom.model LIKE '%448E-FPOE%' OR tblassetcustom.model LIKE '%M426E-FPOE%' OR tblassetcustom.model LIKE '%548D%' OR tblassetcustom.model LIKE '%548D-FPOE%' OR tblassetcustom.model LIKE '%624F%' OR tblassetcustom.model LIKE '%624F-FPOE%' OR tblassetcustom.model LIKE '%648F%' OR tblassetcustom.model LIKE '%648F-FPOE%' OR tblassetcustom.model LIKE '%1024E%' OR tblassetcustom.model LIKE '%T1024E%' OR tblassetcustom.model LIKE '%T1024F-FPOE%' OR tblassetcustom.model LIKE '%1048E%' OR tblassetcustom.model LIKE '%2048F%' OR tblassetcustom.model LIKE '%3032E%' OR tblassetcustom.model LIKE '%112D-POE%' OR tblassetcustom.model LIKE '%216F-POE%' OR tblassetcustom.model LIKE '%424F-POE%') And tblState.Statename = 'Active' Order By tblAssetCustom.Model, tblAssets.IPAddress
Explore the full platform, free for 14 days.
No credit card required.