Add IoT vulnerabilities to the asset identity list and FortiGuard IoT security rating checks 7.2.4


Note

This information is also available in the FortiOS 7.2 Administration Guide:

IoT devices with known vulnerabilities are displayed on the Security Fabric > Asset Identity Center page's Asset list view. Hovering over the vulnerabilities count displays a View IoT Vulnerabilities tooltip, which opens the View IoT Vulnerabilities table that includes the Vulnerability ID, Type, Severity, Reference, Description, and Patch Signature ID. Each entry in the Reference column includes the CVE number and a link to the CVE details.

Note

To detect IoT vulnerabilities, the FortiGate must have a valid IoT Detection Service license, device detection must be configured on a LAN interface used by IoT devices, and a firewall policy with an application control sensor must be configured. See Add IoT devices to Asset Identity Center page 7.2.1 for more details.

To view IoT asset vulnerabilities in the GUI:
  1. Go to Security Fabric > Asset Identity Center. Ensure the Asset list view is selected.

  2. Select a device with IoT vulnerabilities.

  3. Hover over the IoT Vulnerabilities count to view the tooltip and click View IoT Vulnerabilities. A table with the list of vulnerabilities and related information for the device is displayed, including the CVE references and descriptions.

  4. Click a hyperlink in the Reference column to view more information about the CVE, or click Close.

To view IoT asset vulnerabilities in the CLI:
# diagnose user-device-store device memory list
...
        device_info
                'ipv4_address' = '10.20.80.10'
                'mac' = '**:**:**:**:**:**'
                ...
                'vdom' = 'root'
                'os_name' = 'Android'
                'hostname' = '********************'
                'last_seen' = '1670540312'
                'host_src' = 'dhcp'
                'unjoined_forticlient_endpoint' = 'false'
                'is_online' = 'true'
                'active_start_time' = '1670536763'
                ...
                'dhcp_lease_status' = 'leased'
                'dhcp_lease_expire' = '1671141562'
                'dhcp_lease_reserved' = 'false'
                'dhcp_server_id' = '10'
                'is_fortiguard_src' = 'false'
                'purdue_level' = '3'
                'iot_vuln_count' = '10'
...
        iot_info
                'vendor' = 'Google'
                'product' = 'Chrome'
                'version-min' = '60.0.3112.32'
                'validity' = 'true'
        iot_vulnerability
                'vulnerability_id' = '48970'
                'severity' = '3'
                'type' = 'Buffer Errors'
                'description' = 'Use after free in Safebrowsing in Google Chrome prior to 94.0.4606.71 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.'
                'references' = 'CVE-2021-37974'
                'date_added' = '2022-07-27 17:52:34.987194'
                'date_updated' = '2022-07-27 17:52:34.987220'
...
        iot_vulnerability
                'vulnerability_id' = '94107'
                'severity' = '3'
                'type' = 'Buffer Errors'
                'description' = 'Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly interact with extensions, which allows remote attackers to cause a denial of service via a crafted extension that triggers an uninitialized pointer.'
                'references' = 'CVE-2011-0479'
                'date_added' = '2022-09-20 18:23:54.961465'
                'date_updated' = '2022-09-20 18:23:54.961481'

Security rating checks

The Security Fabric > Security Rating > Security Posture report includes two rating checks related to IoT vulnerabilities:

  • The FortiGuard IoT Detection Subscription rating check will pass if the System > FortiGuard page shows that the IoT Detection Service is licensed. In this example, the result is marked as Passed because the license is valid.

  • The FortiGuard IoT Vulnerability rating check will fail if any IoT vulnerabilities are found. In this example, the result is marked as Failed because there is a device with IoT vulnerabilities.

    In the Recommendations section, hover over the device name to display the tooltip, which includes an option to View IoT Vulnerabilities.
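As an added example (not Fortinet's code or output), the following Python parses a constructed excerpt in the shape of the `diagnose user-device-store device memory list` output shown above and reproduces the logic of the FortiGuard IoT Vulnerability rating check: it collects each device's CVE references and reports Failed as soon as any device carries IoT vulnerabilities. It assumes each device record opens with a `device_info` section; the sample data is constructed, not a real capture.

```python
import re
# Constructed excerpt in the shape of `diagnose user-device-store device memory list`
# output (not a real capture); assumption: each device record opens with device_info.
SAMPLE = """\
        device_info
                'ipv4_address' = '10.20.80.10'
                'os_name' = 'Android'
                ...
                'iot_vuln_count' = '2'
        iot_info
                'vendor' = 'Google'
        iot_vulnerability
                'vulnerability_id' = '48970'
                'severity' = '3'
                'references' = 'CVE-2021-37974'
        iot_vulnerability
                'vulnerability_id' = '94107'
                'references' = 'CVE-2011-0479'
        device_info
                'ipv4_address' = '10.20.80.11'
                'iot_vuln_count' = '0'
"""

SECTION_RE = re.compile(r"^\s*(device_info|iot_info|iot_vulnerability)\s*$")
KV_RE = re.compile(r"^\s*'([^']+)'\s*=\s*'(.*)'\s*$")

def parse_device_store(text):
    """Parse the CLI dump into device records; '...' and unknown lines are skipped."""
    devices, section = [], None
    for line in text.splitlines():
        if m := SECTION_RE.match(line):
            section = m.group(1)
            if section == "device_info":  # a new device record begins here
                devices.append({"device_info": {}, "iot_info": {}, "vulns": []})
            elif section == "iot_vulnerability" and devices:
                devices[-1]["vulns"].append({})  # one entry per vulnerability block
        elif (m := KV_RE.match(line)) and devices and section:
            key, value = m.groups()
            target = devices[-1]["vulns"][-1] if section == "iot_vulnerability" else devices[-1][section]
            target[key] = value
    return devices

def iot_vulnerability_check(devices):
    """Mirror the FortiGuard IoT Vulnerability rating check: Failed if any device has IoT vulnerabilities."""
    affected = [d for d in devices if int(d["device_info"].get("iot_vuln_count", "0")) > 0 or d["vulns"]]
    return ("Failed" if affected else "Passed"), affected

def cve_references(device):
    """CVE IDs from the device's vulnerability entries, as listed in the GUI's Reference column."""
    return sorted(v["references"] for v in device["vulns"] if v.get("references", "").startswith("CVE-"))
```

Run the check over a full capture to get the list of affected devices and their CVEs for a patch or segmentation ticket, rather than reading them one tooltip at a time.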
