alert tcp any any -> $HOME_NET 7900 (msg:"ET EXPLOIT Fortinet FortiSIEM Unauthenticated Command Injection CVE-2023-34992"; flow:established,to_server; content:"|51 00 00 00|"; startswith; content:"<server_ip"; nocase; fast_pattern; pcre:"/^[^>]*>[^\x3b<]+\x3b[^<]+<\/server_ip>/Rsi"; reference:url,horizon3.ai/attack-research/cve-2023-34992-fortinet-fortisiem-command-injection-deep-dive/; reference:cve,2023-34992; classtype:misc-attack; sid:2052888; rev:2; metadata:attack_target Server, created_at 2024_05_28, cve CVE_2023_34992, deployment Perimeter, deployment Internal, confidence High, signature_severity Major, tag Exploit, updated_at 2024_05_31, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application;)