""ET WEB_SERVER Successful FortiOS Auth Bypass Attempt - SSH Key Upload (CVE-2022-40684)""
SID: 2039419
Revision: 1
Class Type: successful-admin
Metadata: affected_product Web_Server_Applications, affected_product Fortigate, attack_target Server, created_at 2022_10_17, cve CVE_2022_40684, deployment Perimeter, deployment SSLDecrypt, signature_severity Critical, updated_at 2022_10_20
Reference:
-
cve
-
2022-40684
Protocol: tcp
Source Network: [$HOME_NET,$HTTP_SERVERS]
Source Port: any
Destination Network: $EXTERNAL_NET
Destination Port: any
Flow: established,to_client
Contents:
- Value: "SSH key is good"
Within:
PCRE:
Special Options:
-
file_data
-
nocase
-
fast_pattern