Description
This article describes situations where receiving vulnerability reports indicating that devices such as FortiGate, FortiAnalyzer, FortiManager, etc., are susceptible to specific CVEs (Common Vulnerabilities and Exposures).
This guide aims to assist in gaining a deeper understanding of CVE details and other crucial aspects of the FortiGuard Lab website.
Scope
All Fortinet products.
Solution
To perform a CVE (Common Vulnerabilities and Exposures) lookup on the FortiGuard Labs website, follow these steps:
-
Visit the FortiGuard Labs Website: Open the web browser and navigate to the FortiGuard Labs website: FortiGuard.
-
Access CVE Information: Once on the FortiGuard Labs website's homepage, locate the search bar at the top right corner labeled 'CVE Lookup', which allows one to search for CVE information.
-
Enter the CVE Identifier: In the provided search bar or input field, input the CVE identifier that is desired to be investigated. A CVE identifier typically follows the format 'CVE-YYYY-NNNN', with 'YYYY' representing the year and 'NNNN' serving as a unique identifier for the vulnerability. After entering the CVE identifier, select the 'Search' button.
In the provided screenshot, a search was performed for the CVE identifier 'CVE-2023-29183' and the search results displayed three distinct categories of CVEs. Depending on the specific needs, it is possible to refine the results by utilizing the 'Filter by Category' option.
Review CVE Details:
When reviewing the CVE details on the FortiGuard Labs website, there will be comprehensive information concerning the specified CVE, encompassing details about the vulnerability itself, its severity, impacted products, available patches or mitigations, and any additional pertinent data (such as workarounds and exploitation status).
For CVE-2023-2918, the provided information includes a succinct summary of the CVE, its severity level, the CVSSv3 Score, CVRF data, affected products, and a recommended solution. Notably, there is no mentioned workaround on the site. Therefore, the advisable course of action is to proceed with the solution, which typically involves upgrading the device firmware, particularly if the device is operating on affected firmware versions.
However, in the case of CVE-2022-42475, a workaround is available, thanks to the PSIRT team's efforts. It offers a means to mitigate the vulnerability. Nonetheless, it is important to note that a workaround is just that—a temporary measure. Fortinet consistently advises implementing the provided solution as promptly as possible to ensure comprehensive security.
Note: The information provided on the page is curated by the PSIRT team. If a solution is present, it should be considered the primary and recommended solution for addressing the CVE. For newly reported CVEs, note that the advisory can undergo multiple updates with additional information.
Threat Signal: Threat Signals to keep informed about emerging cyber threats. These signals offer technical details, and mitigation tips, by FortiGuard Labs in a simple FAQ-style format.
To access the Threat signal, go to FortiGuard, navigate to the 'News/Research' section, and select 'Research Center' followed by 'Threat signal' or use Threat Signal | FortiGuard.
The below example is for CVE-2023-5129:
PSIRT Advisory / PSIRT Blog: If interested in obtaining additional information about various CVEs beyond the specific one concerned with, it is possible to explore the PSIRT advisory and PSIRT blog sections.
-
To access the PSIRT advisory, go to FortiGuard, navigate to the 'News/Research' section, and select 'PSIRT Center' followed by 'Advisories' or use PSIRT Advisories | FortiGuard.
-
To explore the PSIRT blog, go to FortiGuard, access the 'News/Research' section, and choose 'PSIRT Center', then select 'PSIRT Blog' or use PSIRT Blogs (fortinet.com). Subscribing to the blog for proactive information on any new vulnerabilities is also possible.
Within these sections, it is possible to employ filters and search options to find CVEs based on criteria such as the product, severity, year, or component interested in. This allows efficient access to a wealth of information on various CVEs.
Reporting a vulnerability in Fortinet products: If one wants to report a vulnerability in Fortinet products to the Fortinet PSIRT team, it is possible to use the PSIRT contact form using the link PSIRT Contact Form | FortiGuard. For details on how to raise a PSIRT Issue with Fortinet, see the PSIRT Policy Fortinet Security Vulnerability Policy | FortiGuard.
If one wants to subscribe for monthly PSIRT advisories follow the community guide:
PSIRT note: Fortinet PSIRT and Monthly PSIRT Advisories
FortiGuard Outbreak Alerts: FortiGuard Outbreak Alerts offer critical insights into ongoing cybersecurity attacks that have substantial impacts on multiple companies, organizations, and industries, it is possible to access these alerts at FortiGuard Outbreak Alerts | FortiGuard.
See related article FortiGuard Outbreak Alerts: Version 3.0 - Fortinet Community.
FortiGuard Services: The services are divided into three sections: Services by outbreak, by solution, and by product. There are multiple informative sections available to explore. Generally, it can be necessary to check the web filter category to validate the URL category in the FortiGuard server and the Application Control section to verify information related to any application that is part of the FortiGuard database.
- To access the Web filtering, go to FortiGuard, navigate to the 'Services' section, and select 'by outbreak/by solution/by product' followed by 'Webfiltering' or use Web Filtering Service | FortiGuard.
Here it is possible to search for any site and verify its category:
- To access the Application Control, go to FortiGuard, navigate to the 'Services' section, and select 'by outbreak/by solution/by product' followed by 'Application control' or use Application Control Service | FortiGuard.
The following guide describes how to verify which app control requires deep SSL inspection:
Technical Tip: How to check which application requires deep SSL inspection under Application Control
It is possible to go through the FAQ for some general questions and answers: Frequently Asked Questions | FortiGuard.
It is also possible to contact the FortiGuard team using Contact Us | FortiGuard.
