Create CVE-2024-47575.yaml #11355

zelosleone · 2024-12-14T14:01:15Z

Authenticate using provided credentials (via {{username}} and {{password}} variables).
Retrieve Serial Numbers and Device Information via JSON-RPC requests.
Match Log Entries indicative of unauthorized device additions or modifications.
Identify Suspicious IP Addresses known to be associated with malicious activities.
Check for Accessible Files (e.g., /tmp/.tm and /var/tmp/.tm) that may indicate tampering, although no known malicious content pattern is assumed according to forticlient, at least not reported yet.

Log Entries: Detects events like "Unregistered device localhost add succeeded" and "Edited device settings (SN FMG-VMTM23017412)"
Serial Numbers: Matches FMG-VMTM23017412, FMG-VMTM19008093, FGVMEVWG8YMT3R63
Suspicious IP Addresses: Checks for known malicious IPs provided in the IoC list
Files: Accesses /tmp/.tm and /var/tmp/.tm to confirm their accessibility (may not appear in all cases)

The template does not attempt exploitation; it merely detects IoCs and suspicious conditions.

Also, I used Fortimanager's API Documents specially for this, it would be great to test it locally as well but i don't have access to it, yet.

I've validated this template locally?

/claim #11218

GeorginaReeder · 2024-12-16T11:08:46Z

Thanks for your contribution @zelosleone ! :)

zelosleone · 2024-12-16T11:13:50Z

Thanks for your contribution @zelosleone ! :)

Thank you, If there is anything I need to do for it to be merged, please let me know.

algora-pbc · 2024-12-16T12:35:33Z

Create CVE-2024-47575.yaml

3ba5d8b

Merge branch 'main' into main

24b452e

algora-pbc bot mentioned this pull request Dec 16, 2024

Fortinet FortiManager Unauthenticated RCE #11218

Open

1 task

algora-pbc bot added the 🙋 Bounty claim label Dec 16, 2024

zelosleone added 2 commits December 17, 2024 23:06

Merge branch 'main' into main

cb5ee14

Merge branch 'main' into main

3124b08

Provide feedback