FortiDAST performs automated black-box dynamic application security testing of web applications to identify vulnerabilities that bad actors may exploit.
This article describes the Zoho ManageEngine ADSelfService Plus vulnerability assessment with FortiDAST to mitigate attacks.
CVE-2021-40539 vulnerability was discovered in Zoho ManageEngine ADSelfService Plus which is an identity security solution.
This vulnerability is a REST API authentication bypass that allows
an attacker to perform remote code execution.
Scope
FortiDAST version 23.1.a
Solution
Detection against that vulnerability is empowered by the FortiDAST Scripting Engine (FSE).
This technology enables FortiDAST to assess remotely with high level of confidence if an asset is vulnerable to a specific vulnerability by testing the disarmed exploit against the asset itself.
To configure the scan, you will need to enable the FSE group signature zoho-manageengine which will select the underlying script CVE-2021-40539 Zoho ManageEngine ADSelfService Plus authentication bypass vulnerability.
For reference, a step-by-step guide on how to configure FortiPenTest/FortiDAST to trigger FSE can be found on Fortinet’s blog.
