SID 1:64488

Report a false positive

Rule Category

SERVER-WEBAPP -- Snort has detected traffic exploiting vulnerabilities in web based applications on servers.

Alert Message

SERVER-WEBAPP Fortinet FortiOS authentication bypass attempt

Rule Explanation

This rule looks for inbound HTTP requests to Fortinet FortiOS devices that are intended to exploit an authentication bypass vulnerability.

What To Look For

This rule fires on authentication bypass attempts against Fortinet FortiOS devices.

Known Usage

Attacks/Scans seen in the wild

False Positives

No known false positives

Contributors

Cisco Talos Intelligence Group

Rule Groups

No rule groups

CVE

CVE-2024-55591

Additional Links

labs.watchtowr.com/get-fortirekt-i-am-the-super_admin-now-fortios-authentication-bypass-cve-2024-55591/

Rule Vulnerability

Authentication Bypass

An Authentication Bypass occurs when there is a way to avoid providing user credentials to a system before performing restricted operations on said system.

CVE Additional Information

This product uses data from the NVD API but is not endorsed or certified by the NVD.
CVE-2024-55591
 Loading description