Fortinet Admin-SCP Disabled - Detect

ID: scp-admin

Severity: info

Author: pussycat0x

Tags: audit,config,file,firewall,fortigate

Description

Fortinet Admin-SCP functionality is recommended to be disabled by default. Enabling SCP allows download of the configuration file from the FortiGate as an alternative method of backing up the configuration file.

YAML Source

id: scp-admin

info:
  name: Fortinet Admin-SCP Disabled - Detect
  author: pussycat0x
  severity: info
  description: Fortinet Admin-SCP functionality is recommended to be disabled by default. Enabling SCP allows download of the configuration file from the FortiGate as an alternative method of backing up the configuration file.
  reference: https://docs.fortinet.com/document/fortigate/6.4.0/hardening-your-fortigate/612504/hardening-your-fortigate
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
    cvss-score: 0
    cwe-id: CWE-200
  tags: audit,config,file,firewall,fortigate

file:
  - extensions:
      - conf

    matchers-condition: and
    matchers:
      - type: word
        words:
          - "set admin-scp enable"
        negative: true

      - type: word
        words:
          - "config system"
          - "config router"
          - "config firewall"
        condition: or
# digest: 4a0a004730450220080efb7507ecfefa0b9ea60eee364b1a658dc77cab2a468e69ee89bfe8c65ac7022100deabb829d9b2793a9804900ad84e0c21e20f56bc48110f75e1f4d2e504ab6ad5:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

$ nuclei -u "URL" -t "file/audit/fortigate/scp-admin.yaml"

View on Github