fortiguard.fortinet.com
Open in
urlscan Pro
154.52.1.42
Public Scan
Submitted URL: http://www.fortinet.com/ids/VID50584
Effective URL: https://fortiguard.fortinet.com/encyclopedia/ips/50584
Submission: On December 17 via api from TR — Scanned from IL
Effective URL: https://fortiguard.fortinet.com/encyclopedia/ips/50584
Submission: On December 17 via api from TR — Scanned from IL
Form analysis
2 forms found in the DOMGET /search
<form action="/search" method="get" class="form-check d-none ng-pristine ng-valid">
<span class="search_flat">
<label for="search_field_header" class="visually-hidden" id="label-search_field-header">Search</label>
<input id="search_field_header" type="text" class="search_field" placeholder="Search FortiGuard" name="q" required="required" autocomplete="off" aria-labelledby="label-search_field-header" value="">
<button type="submit" value=" " class="btn btn-sm" aria-label="Submit your search">
<img src="https://filestore.fortinet.com/fortiguard/static/images/icons_white/search.svg?v=32921" alt="search">
</button>
<div class="global_search-popup">
<fieldset>
<legend class="visually-hidden">Please select any available option</legend>
<div class="form-check search-popup-item">
<input type="radio" name="engine" id="all_home" class="form-check-input search-input-option" value="1" checked="checked" aria-checked="true">
<label class="form-check-label search-input-label" for="all_home"> Normal </label>
</div>
<div class="form-check search-popup-item">
<input type="radio" name="engine" id="exact_home" class="form-check-input search-input-option" value="2">
<label class="form-check-label search-input-label" for="exact_home"> Exact Match </label>
</div>
<div class="form-check search-popup-item">
<input type="radio" name="engine" id="cve_home" class="form-check-input search-input-option" value="3">
<label class="form-check-label search-input-label" for="cve_home"> CVE </label>
</div>
<div class="form-check search-popup-item">
<input type="radio" name="engine" id="threat_home" class="form-check-input search-input-option" value="4">
<label class="form-check-label search-input-label" for="threat_home"> ID </label>
</div>
<div class="form-check search-popup-item">
<input type="radio" name="engine" id="psirt_home" class="form-check-input search-input-option" value="6">
<label class="form-check-label search-input-label" for="psirt_home"> PSIRT </label>
</div>
<div class="form-check search-popup-item">
<input type="radio" name="engine" id="repms_home" class="form-check-input search-input-option" value="8">
<label class="form-check-label search-input-label" for="repms_home"> Antispam </label>
</div>
<div class="form-check search-popup-item">
<input type="radio" name="engine" id="outbreak-alert_home" class="form-check-input search-input-option" value="9">
<label class="form-check-label search-input-label" for="outbreak-alert_home"> Outbreak Alert </label>
</div>
<div class="form-check search-popup-item">
<input type="radio" name="engine" id="url_home" class="form-check-input search-input-option" value="7">
<label class="form-check-label search-input-label" for="url_home"> IP/Domain/URL </label>
</div>
</fieldset>
</div>
</span>
</form>
GET /search
<form action="/search" method="get" class="mobile-search-form col-12 ng-pristine ng-valid">
<div class="input-group">
<select class="form-select" name="engine">
<option value="1"> Normal </option>
<option value="2"> Exact Match </option>
<option value="3"> CVE </option>
<option value="4"> ID </option>
<option value="6"> PSIRT </option>
<option value="8"> Antispam </option>
<option value="9"> Outbreak Alert </option>
<option value="7"> IP/Domain/URL </option>
</select>
<input id="search_field_header" type="text" class="form-control" placeholder="Search FortiGuard" name="q" required="required" autocomplete="off" aria-labelledby="label-search_field-header" value="">
<button class="btn btn-sm btn-outline-secondary" type="submit">
<img src="https://filestore.fortinet.com/fortiguard/static/images/icons_white/search.svg?v=32921" alt="search">
</button>
</div>
</form>
Text Content
* Search Please select any available option Normal Exact Match CVE ID PSIRT Antispam Outbreak Alert IP/Domain/URL * Research RESEARCH CENTER Explore latest research and threat reports on emerging cyber threats. * Outbreak Alerts * Security Blog * Threat Signal * Services SERVICES By Outbreak By Solution By Product PROTECT Counter measures across the security fabric for protecting assets, data and network. * Anti-Botnet * AntiMalware * AntiSpam * Application Control * Intrusion Protection * Operational Technology Security * Sandbox Behavior Engine * Web Application Security * Web Filtering DETECT Find and correlate important information to identify an outbreak.Find and correlate * Anti-Recon and Anti-Exploit * Cloud Threat Detection * Endpoint Detection & Response * Indicators of Compromise * Outbreak Deception * Outbreak Detection * SOC Automation RESPOND Develop containment techniques to mitigate impacts of security events.Develop containment * Endpoint Detection and Response * Endpoint Forensics * Incident Response RECOVER Improve security posture and processes by implementing security awareness and training. * Assessment Services * NSE Training * Security Awareness Training IDENTIFY Identify processes and assets that need protection.Identify processes and assets that * Breach Attack Simulation * Cloud Vulnerability * Dynamic Application Security Testing * Endpoint Vulnerability * FortiDevSec * Inline-CASB Application Definitions * IoT Detection * Pen Testing * Recon: ACI * Recon: BP * Recon: EASM * Security Rating * NETWORK SECURITY * Anti-Botnet * Anti-Recon and Anti-Exploit * Cloud Vulnerability and Threat Detection * Data Loss Prevention * Indicators of Compromise * Inline-CASB Application Definitions * Internet Services * Intrusion Protection * IP Geolocation * Secure DNS * ENDPOINT SECURITY * ANN and NDR * AntiVirus * Endpoint Detection & Response * Endpoint Vulnerability * IoT Detection * Sandbox Behavior Engine * APPLICATION SECURITY * AntiSpam * Application Control * Client Application Firewall * Credential Stuffing Defense * Dynamic Application Security Testing * Operational Technology Security * Web Application Security * Web Filtering * SECURITY OPERATIONS * Breach Attack Simulation * FortiDevSec * Outbreak Deception * Outbreak Detection * Pen Testing * Security Rating * FortiGate * FortiAnalyzer * FortiClient * FortiWeb * FortiADC * FortiAuthenticator * FortiCNP * FortiDDoS * FortiDeceptor * FortiEDR * FortiMail * empty * FortiNDR * FortiPAM * FortiPolicy * FortiProxy * FortiRecon * FortiSandBox * FortiSASE * FortiSIEM * FortiTester * FortiDAST * FortiCNAPP * empty * Anti-Botnet * AntiVirus * Application Control * Inline-CASB Application Definitions * Intrusion Protection * IoT Detection * IP Geolocation * Operational Technology Security * Secure DNS * Security Rating * Web Filtering * Indicators of Compromise * Outbreak Detection * SOC Automation * Anti-Botnet * Anti-Recon and Anti-Exploit * AntiVirus * Application Firewall * Credential Stuffing Defense * Endpoint Vulnerability * Intrusion Protection * Outbreak Detection * Web Filtering * Anti-Botnet * AntiVirus * Application Control * Credential Stuffing Defense * Fuzzy Webshell * IP Geolocation * Web Application Security * Anti-Botnet * AntiVirus * Credential Stuffing Defense * Intrusion Protection * IP Geolocation * Web Application Security * Web Filtering * IP Geolocation * Anti-Botnet * Data Loss Prevention * IP Geolocation * Vulnerability * Anti-Botnet * Anti-Recon and Anti-Exploit * AntiVirus * Intrusion Protection * Outbreak Deception * AntiVirus * EndPoint Detection and Response * Endpoint Vulnerability * Indicators of Compromise * Web Filtering * AntiSpam * AntiVirus * Web Filtering * Network Detection and Response * AntiVirus * Data Loss Prevention * Anti-Botnet * Application Control * Anti-Botnet * Application Control * Industrial Security * Digital Risk Protection * AntiVirus * Intrusion Protection * Sandbox Behavior Engine * Web Filtering * Anti-Botnet * AntiVirus * Application Control * Data Loss Prevention * Endpoint Vulnerability * Intrusion Protection * Secure DNS * Web Filtering * Indicators of Compromise * IP Geolocation * Outbreak Detection * Breach Attack Simulation * Dynamic Application Security Testing * Cloud Threat Detection * Cloud Vulnerability * Threat Intelligence THREAT INTELLIGENCE CENTER Browse the FortiGuard Labs extensive encyclopedia and Threat Analytics. * Application Control * FortiGuard Encyclopedia * Outbreak Threat Map * Threat Actor Encyclopedia * Threat Analytics * Web Filtering * Support SUPPORT CENTER PSIRT Center Product Support Fortinet Product Security Incident Response Team (PSIRT) updates. * Advisories * PSIRT Blog * PSIRT Contact * Security Vulnerability Policy Get the support whenever you need it. * FortiCare Support * Fortinet Community * Resources RESOURCE CENTER Learn about service status, publications and other available resources. * FortiGuard Sample Files * MITRE ATT&CK Matrix * NIST Cybersecurity Framework * Publications * Security Best Practices * About ABOUT FortiGuard Labs Partners AI-Powered Threat Intelligence for an Evolving Digital World. * Contact Us * Premium Services * RSS Feeds Leveraging cyber security industry partner relationships. * Cyber Threat Alliance * MITRE Engenuity * * Research * Outbreak Alerts * Security Blog * Threat Signal * Services * Anti-Botnet * Anti-Recon and Anti-Exploit * AntiMalware * AntiSpam * Application Control * Assessment Services * Breach Attack Simulation * Cloud Threat Detection * Cloud Vulnerability * Dynamic Application Security Testing * Endpoint Detection & Response * Endpoint Detection and Response * Endpoint Forensics * Endpoint Vulnerability * FortiDevSec * Incident Response * Indicators of Compromise * Inline-CASB Application Definitions * Intrusion Protection * IoT Detection * NSE Training * Operational Technology Security * Outbreak Deception * Outbreak Detection * Pen Testing * Recon: ACI * Recon: BP * Recon: EASM * Sandbox Behavior Engine * Security Awareness Training * Security Rating * SOC Automation * Web Application Security * Web Filtering * Threat Intelligence * Application Control * FortiGuard Encyclopedia * Outbreak Threat Map * Threat Actor Encyclopedia * Threat Analytics * Web Filtering * Resources * FortiGuard Sample Files * MITRE ATT&CK Matrix * NIST Cybersecurity Framework * Publications * Security Best Practices * Support PSIRT CENTER * Advisories * PSIRT Blog * PSIRT Contact * Security Vulnerability Policy PRODUCT SUPPORT * FortiCare Support * Fortinet Community * About FORTIGUARD LABS * Contact Us * Premium Services * RSS Feeds PARTNERS * Cyber Threat Alliance * MITRE Engenuity * FORTINET Normal Exact Match CVE ID PSIRT Antispam Outbreak Alert IP/Domain/URL INTRUSION PREVENTION MS.EXCHANGE.SERVER.AUTODISCOVER.REMOTE.CODE.EXECUTION DESCRIPTION This indicates an attack attempt to exploit a Remote Code Execution in Microsoft Exchange Server. The vulnerability is due to insufficient sanitization when handling a malicious request. A remote attacker may be able to exploit this to disclose data or execute arbitrary code within the context of the application, via a crafted HTTP request. OUTBREAK ALERT Critical zero-day vulnerabilities that can allow the attacker to do a Remote Code Execution (RCE) on Microsoft Exchange Servers. FortiGuard has added multiple protections throughout the Security Fabric to safeguard its customers from attacks exploiting these zero-day vulnerabilities. View the full Outbreak Alert Report The Hive ransomware gang has received up to $100+ million in ransom payments from more than 1,300 victims according to a joint advisory released by the FBI, the U.S. Cybersecurity and Infrastructure Security Agency, and the Department of Health and Human Services. View the full Outbreak Alert Report View the full Outbreak Alert Report AFFECTED PRODUCTS Microsoft Exchange Server 2013 Cumulative Update 23 Microsoft Exchange Server 2019 Cumulative Update 9 Microsoft Exchange Server 2016 Cumulative Update 20 Microsoft Exchange Server 2016 Cumulative Update 19 Microsoft Exchange Server 2019 Cumulative Update 8 IMPACT System Compromise: Remote attackers can gain control of vulnerable systems. RECOMMENDED ACTIONS Apply the most recent upgrade or patch from the vendor. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34473 TELEMETRY COVERAGE IPS (Regular DB) IPS (Extended DB) VERSION UPDATES Date Version Detail 2023-06-06 23.571 Sig Added 2023-03-08 23.508 Sig Added 2023-02-14 22.495 Sig Added 2022-12-27 22.464 Sig Added 2022-12-14 22.457 Sig Added 2022-10-24 22.420 Sig Added 2022-10-11 22.411 Sig Added 2022-10-03 22.405 Name:MS. Exchange. Server. CVE-2021-34473. Remote. Code. Execution:MS. Exchange. Server. Autodiscover. Remote. Code. Execution 2022-09-14 22.392 Sig Added 2021-10-27 18.186 Sig Added REFERENCES https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-34473 ID 50584 Created Jul 14, 2021 Updated Jun 06, 2023 Outbreak Alert MSExchange Autodiscover RCE Hive Ransomware 2022 Annual Report Risk CVE ID CVE-2021-34473 CVE-2022-41040 CVE-2022-41082 Known Exploited Yes Exploit Prediction Score 96.46% Default Action drop Active Affected OS Windows Affected App MS_Exchange * Contact Us * Legal * Privacy * Partners * Feedback * * * * * Copyright © 2024 Fortinet, Inc. All Rights Reserved. This site uses cookies. Some are essential to the operation of the site; others help us improve the user experience. By continuing to use the site, you consent to the use of these cookies. To learn more about cookies, please read our privacy policy. Accept