FortiManager added support for IOTV objects and vulnerability download from FDS 7.2.2
FortiManager added support for IOTV objects and vulnerability download from FDS.
Example of FortiManager support of IOTV objects and vulnerability from FDS
FortiManager downloads the IOTV file from the FDS server.
2022/11/16_19:00:35.458 info fds_svrd[920]: [FMG-->FDS] Request: Protocol=3.0|Command=Poll|Firmware=FMG-VM64-FW-7.02-1179|SerialNumber==************-|Persistent=false|AcceptDelta=0|DataItem=************-00007.02835-2211162059*05006000ISDB00100-00022.00440-2211150308*06000000FFDB00305-00007.02835-2211162100*06000000FFDB00405-00007.02835-2211162100*06000000ISDB00100-00022.00440-2211150308*06000000NIDS02603-00022.00441-2211160215*06002000FFDB00306-00007.02835-2211162111*06002000FFDB00406-00007.02835-2211162111*06002000ISDB00100-00022.00440-2211150308*06004000FFDB00307-00007.02835-2211162118*06004000ISDB00100-00022.00440-2211150308*07000000FFDB00907-00007.02835-2211162118*07000000ISDB00100-00022.00440-2211150308*07002000FFDB01008-00007.02835-2211162059*07002000FFDB02008-00007.02835-2211162059*07002000IOTV00100-00022.00440-2211150330*07002000ISDB00100-00022.00440-2211150308
2022/11/16_19:00:35.498 info fds_svrd[920]: [FDS-->FMG] Response: Protocol=3.0|Response=200|Firmware=FPT033-FW-6.8-0005|SerialNumber==************-************|Server==*****|Persistent=false|ResponseItem=************
2022/11/16_19:00:36.492 info fds_svrd[920]: FCP_CONN:: received object: id=07002000IOTV00100 ver=00022.00442-2211170248 size=8859232, store in file
2022/11/16_19:00:43.713 info fds_svrd[920]: Send IOTV update notification to fgdsvrd
The IOTV file is saved on FortiManager:
var/fds/data/iotv.db
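A check an operator could run over exported fds_svrd lines to confirm that the IOTV object was actually replaced by a newer version and that the notification to fgdsvrd followed. This is an added example, not Fortinet code: the function names are hypothetical, and the object ID layout and the major.minor-timestamp ordering of version strings are assumptions inferred from the log lines above.

```python
import re

# Abbreviated from the fds_svrd log on this page (DataItem list cut to two entries).
SAMPLE_LOG = """\
2022/11/16_19:00:35.458 info fds_svrd[920]: [FMG-->FDS] Request: Protocol=3.0|Command=Poll|DataItem=07002000IOTV00100-00022.00440-2211150330*07002000ISDB00100-00022.00440-2211150308
2022/11/16_19:00:36.492 info fds_svrd[920]: FCP_CONN:: received object: id=07002000IOTV00100 ver=00022.00442-2211170248 size=8859232, store in file
2022/11/16_19:00:43.713 info fds_svrd[920]: Send IOTV update notification to fgdsvrd
"""

# Assumed layout: 8 digits + 4-letter object type + 5 digits, then major.minor-timestamp.
ITEM_RE = re.compile(r"(\d{8}[A-Z]{4}\d{5})-(\d{5}\.\d{5}-\d{10})")
RECV_RE = re.compile(r"received object: id=(\S+) ver=(\S+) size=(\d+)")


def version_key(ver):
    """Turn '00022.00442-2211170248' into (22, 442, 2211170248) for ordering."""
    number, stamp = ver.split("-")
    major, minor = number.split(".")
    return int(major), int(minor), int(stamp)


def iotv_update_status(log_text, obj_type="IOTV"):
    """Compare the version FortiManager polled with against the one it received."""
    polled, received, notified = {}, {}, False
    for line in log_text.splitlines():
        if "Command=Poll" in line and "DataItem=" in line:
            polled.update(ITEM_RE.findall(line.split("DataItem=", 1)[1]))
        m = RECV_RE.search(line)
        if m:
            received[m.group(1)] = (m.group(2), int(m.group(3)))
        if f"Send {obj_type} update notification" in line:
            notified = True
    report = []
    for obj_id in sorted(set(polled) | set(received)):
        if obj_id[8:12] != obj_type:  # keep only the requested object type
            continue
        old, (new, size) = polled.get(obj_id), received.get(obj_id, (None, 0))
        upgraded = new is not None and (old is None or version_key(new) > version_key(old))
        report.append({"id": obj_id, "old": old, "new": new, "size": size,
                       "upgraded": upgraded, "notified": notified and upgraded})
    return report


if __name__ == "__main__":
    for row in iotv_update_status(SAMPLE_LOG):
        print(row)
```

An object that was polled but never received shows up with `new` set to `None` and `upgraded` false, which separates "no newer database available or download failed" from a completed update.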
The user configures IOT settings on the FortiGate.
config system central-management
    set type fortimanager
    set fmg <ip address>
    config server-list
        edit 1
            set server-type update rating iot-query
            set server-address <ip address>
        next
    end
    set include-default-servers disable
end
FortiManager only supports IOT queries on port 443.
config system interface
    edit "port1"
        set ip 10.59.8.000 255.255.254.0
        set allowaccess ping https ssh snmp http webservice
        set serviceaccess fgtupdates fclupdates webfilter-antispam
        set rating-service-ip <ip address> <netmask>
        set type physical
    next
end
config fmupdate service
    set query-iot enable
    set query-webfilter enable
end
config fmupdate web-spam fgd-setting
    set iot-log all
    set iotv-preload enable
end
The IOT query is performed by FortiGate:
150-fgt-iotv-tst # diag wad dev-vuln query vendor=tesla&version=2020.4.09&product=model3webinterface
..............
GET /v1/lookup/iotvuln?vendor=tesla&version=2020.4.09&product=model3webinterface&&& HTTP/1.1
Host: 10.59.8.001
Accept: application/json
...............
HTTP/1.1 200 OK
Content-Length: 686

[
  {
    "date_added": "2022-05-31 16:53:44.080946",
    "date_updated": "2022-08-03 21:00:35.138956",
    "description": "The driving interface of Tesla Model 3 vehicles in any release before 2020.4.10 allows Denial of Service to occur due to improper process separation, which allows attackers to disable the speedometer, web browser, climate controls, turn signal visual and sounds, navigation, autopilot notifications, along with other miscellaneous functions from the main screen.",
    "id": 14300,
    "max_version": "2020.4.09",
    "min_version": "",
    "patch_sig_id": 10000696,
    "product": "model3webinterface",
    "refs": [
      "CVE-2020-10558"
    ],
    "severity": "high",
    "vendor": "tesla",
    "vuln_type": "DoS"
  }
]
FortiManager provides a response:
2023/01/25_11:13:47.039 notice fgdsvr(client worker)[995]: accept connection from ************.
2023/01/25_11:13:47.088 info FGDSVR(IOT)[1155]: timeout: worker IOT, load remain dbs
2023/01/25_11:13:47.117 debug fgdsvr(client worker)[995]: __get_url: header=GET /v1/lookup/iotvuln?vendor=tesla&version=2020.4.09&product=model3webinterface&&& HTTP/1.1
Host: ************
Accept: application/json
.
2023/01/25_11:13:47.117 debug fgdsvr(client worker)[995]: __on_read_request: /v1/lookup/iotvuln request body_sz=0
2023/01/25_11:13:47.117 debug fgdsvr(client worker)[995]: __create_proxy_usock,634: sock 155 connected to /dev/udm_fgd_iotv_svr.
2023/01/25_11:13:47.117 debug fgdsvr(client worker)[995]: __on_write_iotv_event: fd=155
2023/01/25_11:13:47.117 debug fgdsvr(client worker)[995]: __on_write_iotv_event: send 136 bytes data to iot worker
2023/01/25_11:13:47.117 debug fgdsvr(client worker)[995]: __stop_iotv_write: iotv_wr=0
2023/01/25_11:13:47.118 debug fgdsvr(iotv worker)[991]: __iotv_lookup: received iotv_request GET /v1/lookup/iotvuln?vendor=tesla&version=2020.4.09&product=model3webinterface&&& HTTP/1.1
Host: 10.59.8.001
Accept: application/json
*****************************************************
FortiManager is able to download new IOTD objects:
07002000IOTD00105
07002000IOTD00205