Finding Fortinet web application firewall devices with Rumble

August 25, 2021, by Pearce Barry

Recently published security research from Rapid7 provides details on an OS command injection vulnerability in Fortinet’s web application firewall (WAF) product line known as FortiWeb. This vulnerability exists in the FortiWeb management interface (versions 6.3.11 and prior) and has a CVSSv3 base score of 8.7 (currently awaiting CVE assignment). While authentication is required for successful exploitation of this vulnerability, Rapid7 researchers point out that chaining this with exploitation of an existing authentication bypass vulnerability could be a successful attack vector against vulnerable FortiWeb targets.

Fortinet is tracking this issue as FG-IR-21-116 (with a fix in the upcoming FortiWeb 6.4.1 release) and advising current FortiWeb owners with a workaround until the patch is available.

Finding Fortinet web application firewall devices with Rumble

From the Services inventory, use the following pre-built query to locate FortiWeb assets in your network:

os:fortinet AND (tls.names:="FWB%" OR (tls.names:="FV%" AND NOT tls.names:="FVE%" AND NOT tls.names:="FVC%"))
[Screenshot: Find fortinet devices]
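The same matching logic can be applied offline to an exported asset list, which is useful when you want to cross-check the inventory result or feed it into another tool. The following Python is an added example, not Rumble's own code or query engine: it reimplements the query above as a plain filter over asset records. It assumes that `%` is a trailing/inner wildcard matching any run of characters, that `os:fortinet` is a case-insensitive substring match on the OS fingerprint, and that the `NOT tls.names:=` clauses exclude an asset if any of its TLS names match. The field names, asset records and TLS name values are constructed for illustration.

```python
import re
from typing import Dict, Iterable, List

# Constructed sample inventory (not real data). Each record carries the OS
# fingerprint and the TLS certificate names observed on the asset's services.
SAMPLE_ASSETS: List[Dict] = [
    {"id": "asset-1", "os": "Fortinet FortiWeb", "tls.names": ["FWB-SAMPLE-0001"]},
    {"id": "asset-2", "os": "Fortinet", "tls.names": ["FV-SAMPLE-0002"]},
    {"id": "asset-3", "os": "Fortinet", "tls.names": ["FVE-SAMPLE-0003"]},   # excluded by NOT FVE%
    {"id": "asset-4", "os": "Fortinet", "tls.names": ["FVC-SAMPLE-0004"]},   # excluded by NOT FVC%
    {"id": "asset-5", "os": "Ubuntu Linux", "tls.names": ["FWB-SAMPLE-0005"]},  # OS does not match
    {"id": "asset-6", "os": "Fortinet", "tls.names": ["FGT-SAMPLE-0006"]},   # neither FWB% nor FV%
]


def like(value: str, pattern: str) -> bool:
    """Wildcard comparison: '%' matches any run of characters (assumed semantics).

    The match is anchored at both ends and case-insensitive, so 'FWB%' matches
    'FWB-SAMPLE-0001' but not 'xFWB-SAMPLE-0001'.
    """
    regex = "^" + ".*".join(re.escape(part) for part in pattern.split("%")) + "$"
    return re.match(regex, value, re.IGNORECASE) is not None


def any_name_like(names: Iterable[str], pattern: str) -> bool:
    """True if at least one TLS name on the asset matches the wildcard pattern."""
    return any(like(name, pattern) for name in names)


def is_fortiweb(asset: Dict) -> bool:
    """Evaluate the query:
    os:fortinet AND (tls.names:="FWB%" OR (tls.names:="FV%"
                     AND NOT tls.names:="FVE%" AND NOT tls.names:="FVC%"))
    """
    # os:fortinet -> assumed case-insensitive substring match on the OS fingerprint
    if "fortinet" not in asset.get("os", "").lower():
        return False
    names = asset.get("tls.names", [])
    if any_name_like(names, "FWB%"):
        return True
    # FV% branch, minus the FVE% and FVC% prefixes the query excludes
    return (
        any_name_like(names, "FV%")
        and not any_name_like(names, "FVE%")
        and not any_name_like(names, "FVC%")
    )


def find_fortiweb(assets: Iterable[Dict]) -> List[str]:
    """Return the ids of assets the query would select, in input order."""
    return [asset["id"] for asset in assets if is_fortiweb(asset)]


if __name__ == "__main__":
    for asset_id in find_fortiweb(SAMPLE_ASSETS):
        print(asset_id)
```

Run against an export, the function yields the asset ids to review; the exclusion clauses matter because a bare `FV%` would also pull in names beginning with `FVE` and `FVC`, which the pre-built query deliberately leaves out.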

As always, the pre-built queries we create are available from our Queries Library. Check out the library for other useful inventory queries.

Try Rumble

Don’t have Rumble and need help finding your FortiWeb assets? Start your Rumble trial today.
