fortiguard.fortinet.com
154.52.16.198
Public Scan
Submitted URL: http://www.fortinet.com/ids/VID54588
Effective URL: https://fortiguard.fortinet.com/encyclopedia/ips/54588
Submission: On September 03 via api from AE — Scanned from US
Form analysis
2 forms found in the DOM
GET /search
<form action="/search" method="get" class="form-check d-none ng-pristine ng-valid">
<span class="search_flat">
<label for="search_field_header" class="visually-hidden" id="label-search_field-header">Search</label>
<input id="search_field_header" type="text" class="search_field" placeholder="Search FortiGuard" name="q" required="required" autocomplete="off" aria-labelledby="label-search_field-header" value="">
<button type="submit" value=" " class="btn btn-sm" aria-label="Submit your search">
<img src="https://filestore.fortinet.com/fortiguard/static/images/icons_white/search.svg?v=30201" alt="search">
</button>
<div class="global_search-popup">
<fieldset>
<legend class="visually-hidden">Please select any available option</legend>
<div class="form-check search-popup-item">
<input type="radio" name="engine" id="all_home" class="form-check-input search-input-option" value="1" checked="checked" aria-checked="true">
<label class="form-check-label search-input-label" for="all_home"> Normal </label>
</div>
<div class="form-check search-popup-item">
<input type="radio" name="engine" id="exact_home" class="form-check-input search-input-option" value="2">
<label class="form-check-label search-input-label" for="exact_home"> Exact Match </label>
</div>
<div class="form-check search-popup-item">
<input type="radio" name="engine" id="cve_home" class="form-check-input search-input-option" value="3">
<label class="form-check-label search-input-label" for="cve_home"> CVE Lookup </label>
</div>
<div class="form-check search-popup-item">
<input type="radio" name="engine" id="threat_home" class="form-check-input search-input-option" value="4">
<label class="form-check-label search-input-label" for="threat_home"> ID Lookup </label>
</div>
<div class="form-check search-popup-item">
<input type="radio" name="engine" id="psirt_home" class="form-check-input search-input-option" value="6">
<label class="form-check-label search-input-label" for="psirt_home"> PSIRT Lookup </label>
</div>
<div class="form-check search-popup-item">
<input type="radio" name="engine" id="repms_home" class="form-check-input search-input-option" value="8">
<label class="form-check-label search-input-label" for="repms_home"> Antispam Lookup </label>
</div>
<div class="form-check search-popup-item">
<input type="radio" name="engine" id="outbreak-alert_home" class="form-check-input search-input-option" value="9">
<label class="form-check-label search-input-label" for="outbreak-alert_home"> Outbreak Alert Lookup </label>
</div>
<div class="form-check search-popup-item">
<input type="radio" name="engine" id="url_home" class="form-check-input search-input-option" value="7">
<label class="form-check-label search-input-label" for="url_home"> IP/Domain/URL Lookup </label>
</div>
</fieldset>
</div>
</span>
</form>
GET /search
<form action="/search" method="get" class="mobile-search-form col-12 ng-pristine ng-valid">
<div class="input-group">
<select class="form-select" name="engine">
<option value="1"> Normal </option>
<option value="2"> Exact Match </option>
<option value="3"> CVE Lookup </option>
<option value="4"> ID Lookup </option>
<option value="6"> PSIRT Lookup </option>
<option value="8"> Antispam Lookup </option>
<option value="9"> Outbreak Alert Lookup </option>
<option value="7"> IP/Domain/URL Lookup </option>
</select>
<input id="search_field_header" type="text" class="form-control" placeholder="Search FortiGuard" name="q" required="required" autocomplete="off" aria-labelledby="label-search_field-header" value="">
<button class="btn btn-sm btn-outline-secondary" type="submit">
<img src="https://filestore.fortinet.com/fortiguard/static/images/icons_white/search.svg?v=30201" alt="search">
</button>
</div>
</form>
Text Content
INTRUSION PREVENTION

IVANTI.CONNECT.SECURE.POLICY.SECURE.AUTHENTICATION.BYPASS

DESCRIPTION
This indicates an attack attempt to exploit an Authentication Bypass Vulnerability in Ivanti Connect Secure and Ivanti Policy Secure Gateways. The vulnerability is due to insufficient validation of user input. A remote, unauthenticated attacker could exploit this vulnerability by sending a malicious request to the target gateway. Successfully exploiting this vulnerability could result in the execution of arbitrary commands.

OUTBREAK ALERT
Widespread exploitation of zero-day vulnerabilities affecting Ivanti Connect Secure and Policy Secure gateways underway.

AFFECTED PRODUCTS
* Ivanti Connect Secure prior to 9.1R14x
* Ivanti Connect Secure prior to 9.1R15x
* Ivanti Connect Secure prior to 9.1R16x
* Ivanti Connect Secure prior to 9.1R17x
* Ivanti Connect Secure prior to 9.1R18x
* Ivanti Connect Secure prior to 22.1R6x
* Ivanti Connect Secure prior to 22.2R4x
* Ivanti Connect Secure prior to 22.3R1x
* Ivanti Connect Secure prior to 22.4R1x
* Ivanti Connect Secure prior to 22.4R2x
* Ivanti Connect Secure prior to 22.5R1x
* Ivanti Connect Secure prior to 22.5R2x
* Ivanti Connect Secure prior to 22.6R1x
* Ivanti Connect Secure prior to 22.6R2x
* ZTA prior to 22.5R1x
* ZTA prior to 22.6R1x
* Ivanti Policy Secure prior to 9.1R18x
* Ivanti Policy Secure prior to 22.5R1x
* Ivanti Policy Secure prior to 9.1R17x
* Ivanti Policy Secure prior to 22.4R1x
* Ivanti Policy Secure prior to 22.6R1x
* Ivanti Policy Secure prior to 9.1R16x

IMPACT
System Compromise: Remote attackers can gain control of vulnerable systems.

RECOMMENDED ACTIONS
Apply the most recent upgrade or patch from the vendor.
https://forums.ivanti.com/s/article/KB-CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US

COVERAGE
* IPS (Regular DB)
* IPS (Extended DB)

VERSION UPDATES
| Date | Version | Detail |
| 2024-05-13 | 27.784 | Sig Added |
| 2024-02-19 | 26.735 | Sig Added |
| 2024-02-13 | 26.732 | Sig Added |
| 2024-01-22 | 26.719 | Default_action:pass:drop |
| 2024-01-18 | 26.718 | |

* ID: 54588
* Created: Jan 17, 2024
* Updated: May 13, 2024
* Outbreak Alert: Ivanti Authentication Bypass
* CVE ID: CVE-2024-21887, CVE-2023-46805
* Known Exploited: Yes
* Exploit Prediction Score: 96.94%
* Default Action: drop
* Affected OS: Windows, Linux, MacOS
* Affected App: Other

Copyright © 2024 Fortinet, Inc. All Rights Reserved.