New Features

FortiManager added support for IOTV objects and vulnerability download from FDS 7.2.2

FortiManager added support for IOTV objects and vulnerability download from FDS.

Example of FortiManager support for IOTV objects and vulnerability download from FDS
  1. FortiManager downloads the IOTV file from the FDS server.

    2022/11/16_19:00:35.458 info    fds_svrd[920]: [FMG-->FDS] Request: Protocol=3.0|Command=Poll|Firmware=FMG-VM64-FW-7.02-1179|SerialNumber==************-|Persistent=false|AcceptDelta=0|DataItem=************-00007.02835-2211162059*05006000ISDB00100-00022.00440-2211150308*06000000FFDB00305-00007.02835-2211162100*06000000FFDB00405-00007.02835-2211162100*06000000ISDB00100-00022.00440-2211150308*06000000NIDS02603-00022.00441-2211160215*06002000FFDB00306-00007.02835-2211162111*06002000FFDB00406-00007.02835-2211162111*06002000ISDB00100-00022.00440-2211150308*06004000FFDB00307-00007.02835-2211162118*06004000ISDB00100-00022.00440-2211150308*07000000FFDB00907-00007.02835-2211162118*07000000ISDB00100-00022.00440-2211150308*07002000FFDB01008-00007.02835-2211162059*07002000FFDB02008-00007.02835-2211162059*07002000IOTV00100-00022.00440-2211150330*07002000ISDB00100-00022.00440-2211150308^M ^M 
    2022/11/16_19:00:35.498 info    fds_svrd[920]: [FDS-->FMG] Response: Protocol=3.0|Response=200|Firmware=FPT033-FW-6.8-0005|SerialNumber==************-************|Server==*****|Persistent=false|ResponseItem=************
    2022/11/16_19:00:36.492 info    fds_svrd[920]: FCP_CONN:: received object: id=07002000IOTV00100 ver=00022.00442-2211170248 size=8859232, store in file 
    2022/11/16_19:00:43.713 info    fds_svrd[920]: Send IOTV update notification to fgdsvrd 

    The IOTV file is saved on FortiManager:

    var/fds/data/ 
    iotv.db 
  2. The user configures IOT settings on the FortiGate.

    config system central-management 
        set type fortimanager 
        set fmg <ip address>
        config server-list 
            edit 1 
                set server-type update rating iot-query 
                set server-address <ip address>
            next 
        end 
        set include-default-servers disable 
    end 

    FortiManager only supports IOT queries on port 443.

    config system interface 
        edit "port1" 
            set ip 10.59.8.000 255.255.254.0 
            set allowaccess ping https ssh snmp http webservice 
            set serviceaccess fgtupdates fclupdates webfilter-antispam 
            set rating-service-ip <ip address> <netmask>
            set type physical 
        next
    end
    config fmupdate service 
        set query-iot enable 
        set query-webfilter enable 
    end 
    config fmupdate web-spam fgd-setting 
        set iot-log all 
        set iotv-preload enable 
    end 
  3. The IOT query is performed by FortiGate:

    150-fgt-iotv-tst # diag wad dev-vuln query vendor=tesla&version=2020.4.09&product=model3webinterface
    ..............
    GET /v1/lookup/iotvuln?vendor=tesla&version=2020.4.09&product=model3webinterface&&& HTTP/1.1
    Host: 10.59.8.001
    Accept: application/json
    ...............
    
    HTTP/1.1 200 OK
    Content-Length: 686
    
    [ { "date_added": "2022-05-31 16:53:44.080946", "date_updated": "2022-08-03 21:00:35.138956", "description": "The driving interface of Tesla Model 3 vehicles in any release before 2020.4.10 allows Denial of Service to occur due to improper process separation, which allows attackers to disable the speedometer, web browser, climate controls, turn signal visual and sounds, navigation, autopilot notifications, along with other miscellaneous functions from the main screen.", "id": 14300, "max_version": "2020.4.09", "min_version": "", "patch_sig_id": 10000696, "product": "model3webinterface", "refs": [ "CVE-2020-10558" ], "severity": "high", "vendor": "tesla", "vuln_type": "DoS" }]

    FortiManager provides a response:

    2023/01/25_11:13:47.039 notice  fgdsvr(client worker)[995]: accept connection from ************.
    2023/01/25_11:13:47.088 info    FGDSVR(IOT)[1155]: timeout: worker IOT, load remain dbs
    2023/01/25_11:13:47.117 debug   fgdsvr(client worker)[995]: __get_url: header=GET /v1/lookup/iotvuln?vendor=tesla&version=2020.4.09&product=model3webinterface&&& HTTP/1.1 Host: ************ Accept: application/json .
    2023/01/25_11:13:47.117 debug   fgdsvr(client worker)[995]: __on_read_request: /v1/lookup/iotvuln request body_sz=0
    2023/01/25_11:13:47.117 debug   fgdsvr(client worker)[995]: __create_proxy_usock,634: sock 155 connected to /dev/udm_fgd_iotv_svr.
    2023/01/25_11:13:47.117 debug   fgdsvr(client worker)[995]: __on_write_iotv_event: fd=155
    2023/01/25_11:13:47.117 debug   fgdsvr(client worker)[995]: __on_write_iotv_event: send 136 bytes data to iot worker
    2023/01/25_11:13:47.117 debug   fgdsvr(client worker)[995]: __stop_iotv_write: iotv_wr=0
    2023/01/25_11:13:47.118 debug   fgdsvr(iotv worker)[991]: __iotv_lookup: received iotv_request GET /v1/lookup/iotvuln?vendor=tesla&version=2020.4.09&product=model3webinterface&&& HTTP/1.1 Host: 10.59.8.001 Accept: application/json
    
    
    *****************************************************
    

    FortiManager is able to download new IOTD objects:

    07002000IOTD00105
    
    07002000IOTD00205
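
To confirm from the `fds_svrd` log that step 1 actually delivered a newer IOTV database, the Poll request's `DataItem` list can be compared with the `received object` line. The script below is an added example, not Fortinet code; the field layout (17-character object ID, version, 10-digit stamp) is inferred from the log lines shown above, and the function names are hypothetical.

```python
import re

# Constructed sample: the fds_svrd lines from step 1, with the DataItem list
# shortened to three entries and the redacted fields dropped.
SAMPLE_LOG = """\
2022/11/16_19:00:35.458 info    fds_svrd[920]: [FMG-->FDS] Request: Protocol=3.0|Command=Poll|AcceptDelta=0|DataItem=06000000NIDS02603-00022.00441-2211160215*07002000IOTV00100-00022.00440-2211150330*07002000ISDB00100-00022.00440-2211150308
2022/11/16_19:00:36.492 info    fds_svrd[920]: FCP_CONN:: received object: id=07002000IOTV00100 ver=00022.00442-2211170248 size=8859232, store in file
2022/11/16_19:00:43.713 info    fds_svrd[920]: Send IOTV update notification to fgdsvrd
"""

# Assumed layout, inferred from the log: <object id>-<version>-<stamp>, '*'-separated.
ITEM_RE = re.compile(r"([0-9A-Z]{17})-(\d{5}\.\d{5})-(\d{10})")
RECV_RE = re.compile(r"received object: id=(\S+) ver=(\d{5}\.\d{5})-(\d{10}) size=(\d+)")


def polled_items(log_text):
    """Map object id -> (version, stamp) from every Poll DataItem list."""
    held = {}
    for line in log_text.splitlines():
        if "Command=Poll" in line and "DataItem=" in line:
            data = line.split("DataItem=", 1)[1]
            for obj_id, ver, stamp in ITEM_RE.findall(data):
                held[obj_id] = (ver, stamp)
    return held


def iotv_update_status(log_text):
    """Report, per received IOTV object, whether it is newer than the polled copy."""
    held = polled_items(log_text)
    notified = "Send IOTV update notification" in log_text
    report = []
    for obj_id, ver, stamp, size in RECV_RE.findall(log_text):
        if "IOTV" not in obj_id:
            continue
        old = held.get(obj_id)  # None if the Poll did not list this object
        report.append({
            "id": obj_id,
            "polled": old,
            "received": (ver, stamp),
            "size": int(size),
            # Zero-padded fields compare correctly as strings.
            "newer": old is None or (ver, stamp) > old,
            "notified": notified,
        })
    return report


if __name__ == "__main__":
    for row in iotv_update_status(SAMPLE_LOG):
        print(row)
```

A row with `newer` false or `notified` false means the object was re-sent unchanged or the update notification to `fgdsvrd` never appeared in the log being checked.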
