ET EXPLOIT Fortigate VPN - Repeated POST Requests to /remote/hostcheck_validate (CVE-2023-27997) M1 - Suricata Rule 2046252 (et/open)

ET EXPLOIT Fortigate VPN - Repeated POST Requests to /remote/hostcheck_validate (CVE-2023-27997) M1

SID: 2046252Rev: 10 viewsHistory

Sourceet/open

CreatedJune 13, 2023

UpdatedJune 13, 2023

Classificationattempted-admin

alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT Fortigate VPN - Repeated POST Requests to /remote/hostcheck_validate (CVE-2023-27997) M1"; flow:established,to_server; threshold:type limit, track by_src, count 1, seconds 120; http.method; content:"POST"; http.uri; content:"/remote/hostcheck_validate"; fast_pattern; startswith; content:"enc"; distance:0; reference:cve,2023-27997; reference:url,blog.lexfo.fr/xortigate-cve-2023-27997.html; classtype:attempted-admin; sid:2046252; rev:1; metadata:affected_product Fortigate, attack_target Networking_Equipment, created_at 2023_06_13, cve CVE_2023_27997, deployment Perimeter, deployment SSLDecrypt, performance_impact Low, confidence High, signature_severity Major, tag CISA_KEV, updated_at 2023_06_13; target:dest_ip;)

References

cve	2023-27997
url	blog.lexfo.fr/xortigate-cve-2023-27997.html

Metadata

affected productFortigate

attack targetNetworking_Equipment

created at2023_06_13

cveCVE-2023-27997

deploymentSSLDecrypt

performance impactLow

confidenceHigh

signature severityMajor

tagCISA_KEV

updated at2023_06_13

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!