fortiguard.fortinet.com
Open in
urlscan Pro
154.52.16.198
Public Scan
Submitted URL: http://www.fortinet.com/ids/VID54588
Effective URL: https://fortiguard.fortinet.com/encyclopedia/ips/54588
Submission: On September 03 via api from AE — Scanned from US
Effective URL: https://fortiguard.fortinet.com/encyclopedia/ips/54588
Submission: On September 03 via api from AE — Scanned from US
Form analysis 2 forms found in the DOM
GET /search
<form action="/search" method="get" class="form-check d-none ng-pristine ng-valid">
<span class="search_flat">
<label for="search_field_header" class="visually-hidden" id="label-search_field-header">Search</label>
<input id="search_field_header" type="text" class="search_field" placeholder="Search FortiGuard" name="q" required="required" autocomplete="off" aria-labelledby="label-search_field-header" value="">
<button type="submit" value=" " class="btn btn-sm" aria-label="Submit your search">
<img src="https://filestore.fortinet.com/fortiguard/static/images/icons_white/search.svg?v=30201" alt="search">
</button>
<div class="global_search-popup">
<fieldset>
<legend class="visually-hidden">Please select any available option</legend>
<div class="form-check search-popup-item">
<input type="radio" name="engine" id="all_home" class="form-check-input search-input-option" value="1" checked="checked" aria-checked="true">
<label class="form-check-label search-input-label" for="all_home"> Normal </label>
</div>
<div class="form-check search-popup-item">
<input type="radio" name="engine" id="exact_home" class="form-check-input search-input-option" value="2">
<label class="form-check-label search-input-label" for="exact_home"> Exact Match </label>
</div>
<div class="form-check search-popup-item">
<input type="radio" name="engine" id="cve_home" class="form-check-input search-input-option" value="3">
<label class="form-check-label search-input-label" for="cve_home"> CVE Lookup </label>
</div>
<div class="form-check search-popup-item">
<input type="radio" name="engine" id="threat_home" class="form-check-input search-input-option" value="4">
<label class="form-check-label search-input-label" for="threat_home"> ID Lookup </label>
</div>
<div class="form-check search-popup-item">
<input type="radio" name="engine" id="psirt_home" class="form-check-input search-input-option" value="6">
<label class="form-check-label search-input-label" for="psirt_home"> PSIRT Lookup </label>
</div>
<div class="form-check search-popup-item">
<input type="radio" name="engine" id="repms_home" class="form-check-input search-input-option" value="8">
<label class="form-check-label search-input-label" for="repms_home"> Antispam Lookup </label>
</div>
<div class="form-check search-popup-item">
<input type="radio" name="engine" id="outbreak-alert_home" class="form-check-input search-input-option" value="9">
<label class="form-check-label search-input-label" for="outbreak-alert_home"> Outbreak Alert Lookup </label>
</div>
<div class="form-check search-popup-item">
<input type="radio" name="engine" id="url_home" class="form-check-input search-input-option" value="7">
<label class="form-check-label search-input-label" for="url_home"> IP/Domain/URL Lookup </label>
</div>
</fieldset>
</div>
</span>
</form>GET /search
<form action="/search" method="get" class="mobile-search-form col-12 ng-pristine ng-valid">
<div class="input-group">
<select class="form-select" name="engine">
<option value="1"> Normal </option>
<option value="2"> Exact Match </option>
<option value="3"> CVE Lookup </option>
<option value="4"> ID Lookup </option>
<option value="6"> PSIRT Lookup </option>
<option value="8"> Antispam Lookup </option>
<option value="9"> Outbreak Alert Lookup </option>
<option value="7"> IP/Domain/URL Lookup </option>
</select>
<input id="search_field_header" type="text" class="form-control" placeholder="Search FortiGuard" name="q" required="required" autocomplete="off" aria-labelledby="label-search_field-header" value="">
<button class="btn btn-sm btn-outline-secondary" type="submit">
<img src="https://filestore.fortinet.com/fortiguard/static/images/icons_white/search.svg?v=30201" alt="search">
</button>
</div>
</form>Text Content
* Search
Please select any available option
Normal
Exact Match
CVE Lookup
ID Lookup
PSIRT Lookup
Antispam Lookup
Outbreak Alert Lookup
IP/Domain/URL Lookup
* News / Research
NEWS/RESEARCH
RESEARCH CENTER
PSIRT CENTER
Explore latest research and threat reports on emerging cyber threats.
* Outbreak Alerts
* Security Blog
* Threat Signal
Fortinet Product Security Incident Response Team (PSIRT) updates.
* Advisories
* PSIRT Blog
* PSIRT Contact
* Security Vulnerability Policy
* Services
SERVICES
BY OUTBREAK
BY SOLUTION
BY PRODUCT
PROTECT
Counter measures across the security fabric for protecting assets, data and
network.
* Anti-Botnet
* Anti-Recon and Anti-Exploit
* AntiSpam
* AntiVirus
* Application Control
* Endpoint Detection & Response
* Endpoint Vulnerability
* Inline-CASB Application Definitions
* Intrusion Protection
* Operational Technology Security
* Sandbox Behavior Engine
* Web Application Security
* Web Filtering
DETECT
Find and correlate important information to identify an outbreak.Find and
correlate
* Anti-Recon and Anti-Exploit
* Cloud Threat Detection
* Indicators of Compromise
* Outbreak Deception
* Outbreak Detection
* Security Automation
RESPOND
Develop containment techniques to mitigate impacts of security events.Develop
containment
* Client Forensics
* Endpoint Detection and Response
* Incident Response
* Recon: ACI
RECOVER
Improve security posture and processes by implementing security awareness and
training.
* Assessment Services
* NSE Training
* Security Awareness Training
IDENTIFY
Identify processes and assets that need protection.Identify processes and
assets that
* Cloud Vulnerability
* Endpoint Vulnerability
* FortiTester
* IoT Detection
* Pen Testing
* Recon: BP
* Recon: EASM
* Security Rating
* NETWORK SECURITY
* Anti-Botnet
* Anti-Recon and Anti-Exploit
* Cloud Vulnerability and Threat Detection
* Data Loss Prevention
* Indicators of Compromise
* Inline-CASB Application Definitions
* Internet Services
* Intrusion Protection
* IP Geolocation
* Secure DNS
* ENDPOINT SECURITY
* ANN and NDR
* AntiVirus
* Endpoint Detection & Response
* Endpoint Vulnerability
* FortiClient Outbreak Detection
* IoT Detection
* Sandbox Behavior Engine
* APPLICATION SECURITY
* AntiSpam
* Application Control
* Client Application Firewall
* Credential Stuffing Defense
* Operational Technology Security
* Web Application Security
* Web Filtering
* SECURITY OPERATIONS
* Breach Attack Simulation
* FortiDevSec
* FortiSIEM Outbreak Detection Service
* Outbreak Deception
* Outbreak Detection
* Pen Testing
* Security Rating
* FortiGate
* FortiAnalyzer
* FortiClient
* FortiWeb
* FortiADC
* FortiAuthenticator
* FortiCNP
* FortiDDoS
* FortiDeceptor
* FortiEDR
* FortiMail
* empty
* FortiNDR
* FortiPAM
* FortiPolicy
* FortiProxy
* FortiRecon
* FortiSandBox
* FortiSASE
* FortiSIEM
* FortiTester
* FortiCNAPP
* empty
* Anti-Botnet
* AntiVirus
* Application Control
* Inline-CASB Application Definitions
* Intrusion Protection
* IoT Detection
* IP Geolocation
* Operational Technology Security
* Secure DNS
* Security Rating
* Web Filtering
* Indicators of Compromise
* Outbreak Detection
* Security Automation
* Anti-Botnet
* Anti-Recon and Anti-Exploit
* AntiVirus
* Application Firewall
* Credential Stuffing Defense
* Endpoint Vulnerability
* Intrusion Protection
* Outbreak Detection
* Web Filtering
* Anti-Botnet
* AntiVirus
* Application Control
* Credential Stuffing Defense
* Fuzzy Webshell
* IP Geolocation
* Web Application Security
* Anti-Botnet
* AntiVirus
* Credential Stuffing Defense
* Intrusion Protection
* IP Geolocation
* Web Application Security
* Web Filtering
* IP Geolocation
* Anti-Botnet
* Data Loss Prevention
* IP Geolocation
* Vulnerability
* Anti-Botnet
* Anti-Recon and Anti-Exploit
* AntiVirus
* Intrusion Protection
* Outbreak Deception
* AntiVirus
* EndPoint Detection and Response
* Endpoint Vulnerability
* Indicators of Compromise
* Web Filtering
* AntiSpam
* AntiVirus
* Web Filtering
* Network Detection and Response
* AntiVirus
* Data Loss Prevention
* Anti-Botnet
* Application Control
* Anti-Botnet
* Application Control
* Industrial Security
* Digital Risk Protection
* AntiVirus
* Intrusion Protection
* Sandbox Behavior Engine
* Web Filtering
* Anti-Botnet
* AntiVirus
* Application Control
* Data Loss Prevention
* Endpoint Vulnerability
* Intrusion Protection
* Secure DNS
* Web Filtering
* Indicators of Compromise
* IP Geolocation
* Outbreak Detection
* Breach Attack Simulation
* Cloud Threat Detection
* Cloud Vulnerability
* Threat Intelligence
THREAT INTELLIGENCE
CENTER
Browse the FortiGuard Labs extensive encyclopedia and Threat Analytics.
* Application Control Lookup
* Threat Analytics
* Threat Encyclopedia
* Threat Map
* Web Filtering Lookup
* Resources
RESOURCE CENTER
Learn about service status, publications and other available resources.
* FortiGuard Sample Files
* MITRE ATT&CK Matrix
* NIST Cybersecurity Framework
* Publications
* Security Best Practices
* About
ABOUT
FORTIGUARD LABS
PARTNERS
AI-Powered Threat Intelligence for an Evolving Digital World.
* Contact Us
* Premium Services
* RSS Feeds
Leveraging cyber security industry partner relationships.
* Cyber Threat Alliance
* MITRE Engenuity
*
* News / Research
* Advisories
* Outbreak Alerts
* PSIRT Blog
* PSIRT Contact
* Security Blog
* Security Vulnerability Policy
* Threat Signal
* Services
* Anti-Botnet
* Anti-Recon and Anti-Exploit
* Anti-Recon and Anti-Exploit
* AntiSpam
* AntiVirus
* Application Control
* Assessment Services
* Client Forensics
* Cloud Threat Detection
* Cloud Vulnerability
* Endpoint Detection & Response
* Endpoint Detection and Response
* Endpoint Vulnerability
* Endpoint Vulnerability
* FortiTester
* Incident Response
* Indicators of Compromise
* Inline-CASB Application Definitions
* Intrusion Protection
* IoT Detection
* NSE Training
* Operational Technology Security
* Outbreak Deception
* Outbreak Detection
* Pen Testing
* Recon: ACI
* Recon: BP
* Recon: EASM
* Sandbox Behavior Engine
* Security Automation
* Security Awareness Training
* Security Rating
* Web Application Security
* Web Filtering
* Threat Lookup
* Application Control Lookup
* Threat Analytics
* Threat Encyclopedia
* Threat Map
* Web Filtering Lookup
* Resources
* FortiGuard Sample Files
* MITRE ATT&CK Matrix
* NIST Cybersecurity Framework
* Publications
* Security Best Practices
* About
* Contact Us
* Cyber Threat Alliance
* MITRE Engenuity
* Premium Services
* RSS Feeds
* FORTINET
Normal Exact Match CVE Lookup ID Lookup PSIRT Lookup Antispam Lookup Outbreak
Alert Lookup IP/Domain/URL Lookup
INTRUSION PREVENTION
IVANTI.CONNECT.SECURE.POLICY.SECURE.AUTHENTICATION.BYPASS
DESCRIPTION
This indicates an attack attempt to exploit a Authentication Bypass
Vulnerability in Ivanti Connect Secure and Ivanti Policy Secure Gateways.
The vulnerability is due to insufficient validation of user input. A remote,
unauthenticated attacker could exploit this vulnerability by sending a malicious
request to the target gateway. Successfully exploiting this vulnerability could
result in the execution of arbitrary commands.
OUTBREAK ALERT
Widespread exploitation of zero-day vulnerabilities affecting Ivanti Connect
Secure and Policy Secure gateways underway.
View the full Outbreak Alert Report
AFFECTED PRODUCTS
Ivanti Connect Secure prior to 9.1R14x
Ivanti Connect Secure prior to 9.1R15x
Ivanti Connect Secure prior to 9.1R16x
Ivanti Connect Secure prior to 9.1R17x
Ivanti Connect Secure prior to 9.1R18x
Ivanti Connect Secure prior to 22.1R6x
Ivanti Connect Secure prior to 22.2R4x
Ivanti Connect Secure prior to 22.3R1x
Ivanti Connect Secure prior to 22.4R1x
Ivanti Connect Secure prior to 22.4R2x
Ivanti Connect Secure prior to 22.5R1x
Ivanti Connect Secure prior to 22.5R2x
Ivanti Connect Secure prior to 22.6R1x
Ivanti Connect Secure prior to 22.6R2x
ZTA prior to 22.5R1x
ZTA prior to 22.6R1x
Ivanti Policy Secure prior to 9.1R18x
Ivanti Policy Secure prior to 22.5R1x
Ivanti Policy Secure prior to 9.1R17x
Ivanti Policy Secure prior to 22.4R1x
Ivanti Policy Secure prior to 22.6R1x
Ivanti Policy Secure prior to 9.1R16x
IMPACT
System Compromise: Remote attackers can gain control of vulnerable systems.
RECOMMENDED ACTIONS
Apply the most recent upgrade or patch from the vendor.
https://forums.ivanti.com/s/article/KB-CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US
TELEMETRY
COVERAGE
IPS (Regular DB) IPS (Extended DB)
VERSION UPDATES
Date Version Detail 2024-05-13 27.784 Sig Added 2024-02-19 26.735 Sig Added
2024-02-13 26.732 Sig Added 2024-01-22 26.719 Default_action:pass:drop
2024-01-18 26.718
ID 54588 Created Jan 17, 2024 Updated May 13, 2024 Outbreak Alert Ivanti
Authentication Bypass Threat Signal View Report Risk CVE ID CVE-2024-21887
CVE-2023-46805 Known Exploited Yes Exploit Prediction Score 96.94% Default
Action drop Active Affected OS Windows, Linux, MacOS Affected App Other
* Contact Us
* Legal
* Privacy
* Partners
* Feedback
*
*
*
*
*
Copyright © 2024 Fortinet, Inc. All Rights Reserved.
This site uses cookies. Some are essential to the operation of the site; others
help us improve the user experience. By continuing to use the site, you consent
to the use of these cookies. To learn more about cookies, please read our
privacy policy.
Accept