Rule History

alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS Fortigate FortiOS Invalid HTTP Chunk Length Out of Bounds Write Remote Code Execution Attempt (CVE-2024-21762) - Heap Manipulation"; flow:established,to_server; stream_size:client,>,1800; http.method; content:"POST"; http.uri; content:"/remote/"; http.request_body; content:"/bin/node|25 30 30|"; fast_pattern; content:"|2d|e|25 30 30|"; within:20; threshold:type limit, track by_src, count 1, seconds 60; reference:cve,2024-21762; reference:url,www.assetnote.io/resources/research/two-bytes-is-plenty-fortigate-rce-with-cve-2024-21762; classtype:trojan-activity; sid:2051766; rev:1; metadata:affected_product Fortigate, attack_target Networking_Equipment, tls_state TLSDecrypt, created_at 2024_03_22, cve CVE_2024_21762, deployment Perimeter, deployment SSLDecrypt, performance_impact Low, confidence High, signature_severity Major, tag CISA_KEV, updated_at 2024_03_22, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application;)