ET WEB_SERVER Successful FortiOS Auth Bypass Attempt - Administrative Details Leaked (CVE-2022-40684)

SID: 2039420
Rev: 1
Source: et/open
Created: October 17, 2022
Updated: October 20, 2022
Classification: successful-admin
alert http [$HOME_NET,$HTTP_SERVERS] any -> $EXTERNAL_NET any (msg:"ET WEB_SERVER Successful FortiOS Auth Bypass Attempt - Administrative Details Leaked (CVE-2022-40684)"; flow:established,to_client; flowbits:isset,ET.CVE-2022-40684; http.response_body; content:"results"; nocase; content:"accprofile"; nocase; fast_pattern; reference:url,www.horizon3.ai/fortios-fortiproxy-and-fortiswitchmanager-authentication-bypass-technical-deep-dive-cve-2022-40684/; reference:url,github.com/horizon3ai/CVE-2022-40684/blob/master/CVE-2022-40684.py; reference:cve,2022-40684; classtype:successful-admin; sid:2039420; rev:1; metadata:affected_product Web_Server_Applications, affected_product Fortigate, attack_target Server, created_at 2022_10_17, cve CVE_2022_40684, deployment Perimeter, deployment SSLDecrypt, confidence High, signature_severity Critical, tag CISA_KEV, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2022_10_20; target:src_ip;)

Metadata

affected product: Fortigate
attack target: Server
created at: 2022_10_17
deployment: SSLDecrypt
confidence: High
signature severity: Critical
tag: Description_Generated_By_Proofpoint_Nexus
updated at: 2022_10_20
