Fortinet black logo

EMS Administration Guide

Viewing current vulnerabilities

Viewing current vulnerabilities

To view current vulnerabilities:
  1. Go to Dashboard > Vulnerability Scan.
  2. Under Current Vulnerabilities Summary, click a vulnerability tile.
  3. When you click a vulnerability tile, the colored circles update to display the number of vulnerabilities that correspond to each severity level in the selected category.

    In this example, there are 22 total vulnerabilities, 20 of which are OS vulnerabilities. Click the Operating System tile.

    The OS vulnerabilities are organized by severity:

    • 0/20 are low risk (green circle)
    • 4/20 are medium risk (yellow circle)
    • 16/20 are high risk (orange circle)
    • 0/20 are critical risk (red circle)
  4. You can click any tile to display details for vulnerabilities of that type. In this example, click View 20 on the Operating System tile to display all OS vulnerabilities and details:

    Patch All

    Click this button to patch all vulnerabilities currently displayed on the content pane. The vulnerabilities are patched with the next Telemetry communication between FortiClient EMS and the endpoint.

    Refresh

    Click to refresh the list of vulnerabilities in the content pane.

    Clear Filters

    Click to clear all filters applied to the list of vulnerabilities.

    Vulnerability Name

    Name of the vulnerability.

    FortiGuard ID

    Displays the FortiGuard ID. Click the link to see information about the vulnerability on FortiGuard.

    CVE ID

    Displays the vulnerability ID as determined by the Common Vulnerabilities and Exposures (CVE) system. If available, you can click the link to see more information about the vulnerability. Depending on the vulnerability, there may be multiple CVE IDs listed.

    Severity

    Displays the severity of the vulnerability.

    Affected Endpoints

    Displays the number of endpoints that are affected by this vulnerability.

    Patch Status

    You can click the Patch button to patch the selected vulnerability with the next Telemetry communication between FortiClient EMS and the endpoint.

    If a patch is already scheduled for the vulnerability, this column displays Scheduled.

    If the vulnerability must be patched manually, this column displays Manual Patch.

    FortiClient may be unable to automatically patch the vulnerability due to one of the following reasons:

    • Third-party application vulnerabilities: incorrect or missing installation paths
    • OS vulnerabilities: Windows update service is disabled

    In these cases, EMS may incorrectly display the status of these vulnerabilities that were selected to be automatically patched as Scheduled instead of Failed.

    You can filter the list of vulnerabilities by any column by clicking the filter icon beside the desired heading. Enter the value to include in the filter. You can toggle the All/Any/Not button for the following options:

    • All: Display all files that match the set filter.
    • Any: Display any file that matches the set filter.
    • Not: Display only files that do not match the set filter.
  5. Return to Dashboard > Vulnerability Scan. You can also click a colored circle to view all vulnerabilities of the selected severity level. The following shows all medium severity third party application vulnerabilities:

Viewing current vulnerabilities

To view current vulnerabilities:
  1. Go to Dashboard > Vulnerability Scan.
  2. Under Current Vulnerabilities Summary, click a vulnerability tile.
  3. When you click a vulnerability tile, the colored circles update to display the number of vulnerabilities that correspond to each severity level in the selected category.

    In this example, there are 22 total vulnerabilities, 20 of which are OS vulnerabilities. Click the Operating System tile.

    The OS vulnerabilities are organized by severity:

    • 0/20 are low risk (green circle)
    • 4/20 are medium risk (yellow circle)
    • 16/20 are high risk (orange circle)
    • 0/20 are critical risk (red circle)
  4. You can click any tile to display details for vulnerabilities of that type. In this example, click View 20 on the Operating System tile to display all OS vulnerabilities and details:

    Patch All

    Click this button to patch all vulnerabilities currently displayed on the content pane. The vulnerabilities are patched with the next Telemetry communication between FortiClient EMS and the endpoint.

    Refresh

    Click to refresh the list of vulnerabilities in the content pane.

    Clear Filters

    Click to clear all filters applied to the list of vulnerabilities.

    Vulnerability Name

    Name of the vulnerability.

    FortiGuard ID

    Displays the FortiGuard ID. Click the link to see information about the vulnerability on FortiGuard.

    CVE ID

    Displays the vulnerability ID as determined by the Common Vulnerabilities and Exposures (CVE) system. If available, you can click the link to see more information about the vulnerability. Depending on the vulnerability, there may be multiple CVE IDs listed.

    Severity

    Displays the severity of the vulnerability.

    Affected Endpoints

    Displays the number of endpoints that are affected by this vulnerability.

    Patch Status

    You can click the Patch button to patch the selected vulnerability with the next Telemetry communication between FortiClient EMS and the endpoint.

    If a patch is already scheduled for the vulnerability, this column displays Scheduled.

    If the vulnerability must be patched manually, this column displays Manual Patch.

    FortiClient may be unable to automatically patch the vulnerability due to one of the following reasons:

    • Third-party application vulnerabilities: incorrect or missing installation paths
    • OS vulnerabilities: Windows update service is disabled

    In these cases, EMS may incorrectly display the status of these vulnerabilities that were selected to be automatically patched as Scheduled instead of Failed.

    You can filter the list of vulnerabilities by any column by clicking the filter icon beside the desired heading. Enter the value to include in the filter. You can toggle the All/Any/Not button for the following options:

    • All: Display all files that match the set filter.
    • Any: Display any file that matches the set filter.
    • Not: Display only files that do not match the set filter.
  5. Return to Dashboard > Vulnerability Scan. You can also click a colored circle to view all vulnerabilities of the selected severity level. The following shows all medium severity third party application vulnerabilities: