""ET WEB_SERVER Successful FortiOS Auth Bypass Attempt - Administrative Details Leaked (CVE-2022-40684)""

SID: 2039420

Revision: 1

Class Type: successful-admin

Metadata: affected_product Web_Server_Applications, affected_product Fortigate, attack_target Server, created_at 2022_10_17, cve CVE_2022_40684, deployment Perimeter, deployment SSLDecrypt, confidence High, signature_severity Critical, updated_at 2022_10_20

Reference:

• cve

• 2022-40684

Protocol: tcp

Source Network: [$HOME_NET,$HTTP_SERVERS]

Source Port: any

Destination Network: $EXTERNAL_NET

Destination Port: any

Flow: established,to_client

Contents:

• Value: "results"

• Value: "accprofile"

Within:

PCRE:

Special Options:

• file_data

• nocase

• fast_pattern

• nocase

source