Fortinet RCE Vulnerability Audit – CVE-2024-21762

Select Top 1000000 tblAssets.AssetID,
tblAssets.AssetName,
tsysAssetTypes.AssetTypeIcon10 As icon,
tblAssets.IPAddress,
tsysIPLocations.IPLocation,
tblAssetCustom.Manufacturer,
tblAssetCustom.Model,
tblAssets.Description,
Subquery1.Label As OID,
Subquery1.Data As Version,
Right(Subquery1.DataClean, CharIndex('v', Reverse(Subquery1.DataClean)) -
1) As [Version (Normalized)],
Case
When
Cast(ParseName(Right(Subquery1.DataClean, CharIndex('v',
Reverse(Subquery1.DataClean)) - 1), 3) As int) = 7 And
Cast(ParseName(Right(Subquery1.DataClean, CharIndex('v',
Reverse(Subquery1.DataClean)) - 1), 2) As int) = 4 And
Cast(ParseName(Right(Subquery1.DataClean, CharIndex('v',
Reverse(Subquery1.DataClean)) - 1), 1) As int) < 3 Then 'Vulnerable'
When
Cast(ParseName(Right(Subquery1.DataClean, CharIndex('v',
Reverse(Subquery1.DataClean)) - 1), 3) As int) = 7 And
Cast(ParseName(Right(Subquery1.DataClean, CharIndex('v',
Reverse(Subquery1.DataClean)) - 1), 2) As int) = 2 And
Cast(ParseName(Right(Subquery1.DataClean, CharIndex('v',
Reverse(Subquery1.DataClean)) - 1), 1) As int) < 7 Then 'Vulnerable'
When
Cast(ParseName(Right(Subquery1.DataClean, CharIndex('v',
Reverse(Subquery1.DataClean)) - 1), 3) As int) = 7 And
Cast(ParseName(Right(Subquery1.DataClean, CharIndex('v',
Reverse(Subquery1.DataClean)) - 1), 2) As int) = 0 And
Cast(ParseName(Right(Subquery1.DataClean, CharIndex('v',
Reverse(Subquery1.DataClean)) - 1), 1) As int) < 14 Then 'Vulnerable'
When
Cast(ParseName(Right(Subquery1.DataClean, CharIndex('v',
Reverse(Subquery1.DataClean)) - 1), 3) As int) = 6 And
Cast(ParseName(Right(Subquery1.DataClean, CharIndex('v',
Reverse(Subquery1.DataClean)) - 1), 2) As int) = 4 And
Cast(ParseName(Right(Subquery1.DataClean, CharIndex('v',
Reverse(Subquery1.DataClean)) - 1), 1) As int) < 15 Then 'Vulnerable'
When
Cast(ParseName(Right(Subquery1.DataClean, CharIndex('v',
Reverse(Subquery1.DataClean)) - 1), 3) As int) = 6 And
Cast(ParseName(Right(Subquery1.DataClean, CharIndex('v',
Reverse(Subquery1.DataClean)) - 1), 2) As int) = 2 And
Cast(ParseName(Right(Subquery1.DataClean, CharIndex('v',
Reverse(Subquery1.DataClean)) - 1), 1) As int) < 16 Then 'Vulnerable'
When
Cast(ParseName(Right(Subquery1.DataClean, CharIndex('v',
Reverse(Subquery1.DataClean)) - 1), 3) As int) = 6 And
Cast(ParseName(Right(Subquery1.DataClean, CharIndex('v',
Reverse(Subquery1.DataClean)) - 1), 2) As int) = 0 Then 'Vulnerable'
Else 'Safe'
End As [FortiOS Vulnerable],
Case
When tblErrors.ErrorText Is Not Null Or
tblErrors.ErrorText != '' Then
'Scanning Error: ' + tsysasseterrortypes.ErrorMsg
Else ''
End As ScanningErrors,
tblAssets.Lastseen,
tblAssets.Lasttried
From tblAssets
Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype
Inner Join tsysIPLocations On tsysIPLocations.LocationID =
tblAssets.LocationID
Inner Join tblState On tblState.State = tblAssetCustom.State
Left Join (Select tblOIDData.AssetID,
tblOIDData.Label,
tblOIDData.Data,
SubString(tblOIDData.Data, CharIndex('v', tblOIDData.Data), CharIndex(',',
tblOIDData.Data) - 1 - CharIndex('v', tblOIDData.Data) + Len(',')) As
DataClean
From tblOIDData
Where tblOIDData.Label = 'fg sys version' And
tblOIDData.Data Not Like '%data%') As Subquery1 On Subquery1.AssetID =
tblAssets.AssetID
Left Join (Select Distinct Top 1000000 tblErrors.AssetID As ID,
Max(tblErrors.Teller) As ErrorID
From tblErrors
Group By tblErrors.AssetID) As ScanningError On tblAssets.AssetID =
ScanningError.ID
Left Join tblErrors On ScanningError.ErrorID = tblErrors.Teller
Left Join tsysasseterrortypes On tsysasseterrortypes.Errortype =
tblErrors.ErrorType
Where tblAssetCustom.Manufacturer Like '%fortinet%' And tblState.Statename =
'Active'
Order By tblAssetCustom.Model,
tblAssets.IPAddress,
Subquery1.DataClean