Description
This article describes how to use the Vulnerability Scan feature in FortiClient/FortiClient EMS to detect vulnerable SolarWinds Orion IT monitoring and management software.
For more information on this hack, see the Fortinet blog post:
Scope
In addition to the Antivirus signature W32/Sunburst, which provides protection against the Sunburst trojan, Fortinet released Vulnerability Scan signature 1.00229 for detecting the vulnerable SolarWinds application.
Solution
On EMS:
1. Please check that the Vulnerability Scan signatures are up to date on FortiClient and FortiClient EMS.
2. Please enable vulnerability detection to identify any vulnerable SolarWinds endpoints. After the vulnerability scan has finished, you will see the discovered endpoints.
And vulnerable applications:
It is recommended to quarantine the endpoint so that it is disconnected from the network, and to connect it back once it has been cleaned/remediated.
On endpoint:
In the vulnerability scan results, you will be able to see the path to the vulnerable application:
Once identified, you can patch the endpoint manually using the download link provided.