Rule Category

POLICY-OTHER --

Alert Message

POLICY-OTHER Fortinet FortiManager arbitrary command execution attempt

Rule Explanation

This rule looks for a "get connect_tcp" FortiGate to FortiManager (FGFM) protocol command accompanied by a "cmd" parameter, which executes a command on a FortiManager server and could potentially be malicious.

What To Look For

This rule fires on potentially malicious command execution attempts sent to a FortiManager server via the FortiGate to FortiManager (FGFM) protocol.

Known Usage

Attacks/Scans seen in the wild

False Positives

No known false positives

Contributors

Cisco Talos Intelligence Group

Rule Groups

Rule Categories::Policy::Other

CVE

Additional Links

Rule Vulnerability

N/A

Not Applicable

CVE Additional Information

This product uses data from the NVD API but is not endorsed or certified by the NVD.
CVE-2024-47575