ET EXPLOIT Fortinet FGFM Arbitrary Code Execution via Externally-Controlled Format String (CVE-2024-23113)

SID: 2056730Rev: 113 viewsHistory

Sourceet/open

CreatedOctober 18, 2024

UpdatedOctober 18, 2024

Classificationattempted-admin

alert tcp any any -> $HOME_NET 541 (msg:"ET EXPLOIT Fortinet FGFM Arbitrary Code Execution via Externally-Controlled Format String (CVE-2024-23113)"; flow:established,to_server; content:"|36 e0 11 00|"; startswith; content:"reply|20|200|0d 0a|"; fast_pattern; distance:4; content:"request|3d|auth|0d 0a|"; pcre:"/\x0d\x0a(authip|fmg_fqdn|mgmtip)\x3d[^\x0d\x0a]*?(?:\x25(?:(?:d|ul?|x|s|c|h?(?:n|p))|\d|\x2a|\x2e|\x5c?\x24)+)+/"; reference:url,labs.watchtowr.com/fortinet-fortigate-cve-2024-23113-a-super-complex-vulnerability-in-a-super-secure-appliance-in-2024/; reference:cve,2024-23113; classtype:attempted-admin; sid:2056730; rev:1; metadata:attack_target Server, tls_state TLSDecrypt, created_at 2024_10_18, cve CVE_2024_23113, deployment Perimeter, deployment Internal, deployment SSLDecrypt, confidence High, signature_severity Major, tag Exploit, tag CISA_KEV, updated_at 2024_10_18, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application; target:dest_ip;)

References

url	labs.watchtowr.com/fortinet-fortigate-cve-2024-23113-a-super-complex-vulnerability-in-a-super-secure-appliance-in-2024/
cve	2024-23113

Metadata

attack targetServer

tls stateTLSDecrypt

created at2024_10_18

cveCVE-2024-23113

deploymentSSLDecrypt

confidenceHigh

signature severityMajor

tagCISA_KEV

updated at2024_10_18

mitre tactic idTA0001

mitre tactic nameInitial_Access

mitre technique idT1190

mitre technique nameExploit_Public_Facing_Application

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!