🐾 - 🚨 Connection to Fortinet Fortigate UTM 🧱 with default TLS Certificate 🔒 exposed on Internet (Possible FortiClient VPN) - Suricata Rule 3300289 (pawpatrules)

🐾 - 🚨 Connection to Fortinet Fortigate UTM 🧱 with default TLS Certificate 🔒 exposed on Internet (Possible FortiClient VPN)

SID: 3300289Rev: 11 views

Sourcepawpatrules

CreatedMarch 15, 2023

UpdatedMarch 15, 2023

Classificationpolicy-violation

alert tls $EXTERNAL_NET any -> any any (msg:"🐾 - 🚨 Connection to Fortinet Fortigate UTM 🧱 with default TLS Certificate 🔒 exposed on Internet (Possible FortiClient VPN)"; flow:to_client, stateless; tls.cert_issuer; content:"C=US"; nocase; content:"ST=California"; nocase; content:"L=Sunnyvale"; nocase; content:"O=Fortinet"; nocase; content:"OU=Certificate Authority"; nocase; fast_pattern; content:"CN=fortinet-subca2001"; nocase; content:"support@fortinet.com"; nocase; reference:url,https://www.fortinet.com/fr/products/next-generation-firewall; metadata:created_at 2023_03_15, updated_at 2023_03_15; sid:3300289; rev:1; classtype:policy-violation;)

References

url	https://www.fortinet.com/fr/products/next-generation-firewall

🐾 - 🚨 Connection to Fortinet Fortigate UTM 🧱 with default TLS Certificate 🔒 exposed on Internet (Possible FortiClient VPN)

References

Metadata

Comments (0)