Rule History

SID: 2039420 • Source: et/open

Versions (4)

Version Details (Current)

Rev: 1 • Oct 17, 2022, 12:00 PM

ET WEB_SERVER Successful FortiOS Auth Bypass Attempt - Administrative Details Leaked (CVE-2022-40684)

alert http [$HOME_NET,$HTTP_SERVERS] any -> $EXTERNAL_NET any (msg:"ET WEB_SERVER Successful FortiOS Auth Bypass Attempt - Administrative Details Leaked (CVE-2022-40684)"; flow:established,to_client; flowbits:isset,ET.CVE-2022-40684; http.response_body; content:"results"; nocase; content:"accprofile"; nocase; fast_pattern; reference:url,www.horizon3.ai/fortios-fortiproxy-and-fortiswitchmanager-authentication-bypass-technical-deep-dive-cve-2022-40684/; reference:url,github.com/horizon3ai/CVE-2022-40684/blob/master/CVE-2022-40684.py; reference:cve,2022-40684; classtype:successful-admin; sid:2039420; rev:1; metadata:affected_product Web_Server_Applications, affected_product Fortigate, attack_target Server, created_at 2022_10_17, cve CVE_2022_40684, deployment Perimeter, deployment SSLDecrypt, confidence High, signature_severity Critical, tag CISA_KEV, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2022_10_20; target:src_ip;)

Oct 17, 2022, 12:00 PM

Oct 20, 2022, 12:00 PM

Sep 21, 2024, 3:00 AM

Aug 29, 2025, 8:34 PM

rules/emerging-web_server.rules