""ET WEB_SERVER Successful FortiOS Auth Bypass Attempt - Config Leaked (CVE-2022-40684)""
SID: 2039485
Revision: 1
Class Type: successful-admin
Metadata: affected_product Web_Server_Applications, affected_product Fortigate, attack_target Web_Server, created_at 2022_10_20, cve CVE_2022_40684, deployment Perimeter, deployment SSLDecrypt, performance_impact Low, confidence High, signature_severity Major, updated_at 2022_10_20
Reference:
-
cve
-
2022-40684
Protocol: tcp
Source Network: [$HOME_NET,$HTTP_SERVERS]
Source Port: any
Destination Network: $EXTERNAL_NET
Destination Port: any
Flow: established,to_client
Contents:
-
Value: "#config-version=" Depth: 16
-
Value: "user=Local_Process_Access|0a|#conf_file_ver="
-
Value: "|0a|#buildno="
Within: 500
PCRE:
Special Options:
-
file_data
-
fast_pattern