FortiDeceptor
FortiDeceptor provides Deception-based Breach Protection to deceive, expose and eliminate external and internal threats.
mbensimon
Staff
Article Id 249364
Description

This article describes how FortiDeceptor decoys can detect activity related to Joomla!.CMS.Webservice.API.index.php.Unauthorized access (CVE-2023-23752), which can lead to unauthorized access to web service endpoints.

Joomla! is a free, open-source website development and content management system (CMS) platform. Like other content management systems, Joomla! removes much of the technical aspect of setting up and running a website. Among its significant features, it provides plug-ins and site modules to enhance websites and content. An issue was discovered in Joomla! 4.0.0 through 4.2.7: an improper access check allows unauthorized access to web service endpoints.

 

Cyber deception against attacks that try to exploit the Joomla CMS Webservice vulnerability:

 

1) FortiDeceptor starts by deploying network decoys across the network segments, creating a fake environment that simulates the real network and assets. Attacks on the Joomla CMS Webservice vulnerability target the Joomla CMS web service endpoints.

Network decoys such as RedHat with a Joomla CMS deployment are placed across several network locations, such as Data Center / DMZ / Cloud. (FortiDeceptor uses RedHat as a custom decoy to deploy Joomla.)

Scope

The Deception Decoys and lures against the 'Joomla CMS Webservice' vulnerability attacks can be used in FortiDeceptor V.3.3 and above.

Solution

Cyber deception against 'Joomla CMS Webservice' attacks:

1) Configure the network segments under the 'Deployment Network' section that FortiDeceptor will use to deploy network decoys. (Due to the nature of the attack, verify that the Data Center / DMZ / Cloud segments where web servers are located are covered.)

 

2) Install a Linux (RHEL) custom decoy with the vulnerable Joomla CMS software version inside the decoy and save it as a decoy template.

See the HOWTO video for custom decoy deployment:

https://video.fortinet.com/products/fortideceptor/3.0/fortideceptor-windows-customization

 

3) Deploy the custom Linux decoy (with Joomla CMS enabled) across the Data Center / DMZ / Cloud network VLAN segments that are configured under the 'Deployment Network' section.

 

4) Once a threat actor or malware tries to penetrate a decoy with the Joomla CMS installation, FortiDeceptor will trigger a real-time alert.

 

5) FortiDeceptor will leverage the Fortinet Fabric or other third-party tools to execute a threat mitigation response to isolate the threat.
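
For analysts triaging a decoy alert from step 4, the following added example (not part of the original article and not FortiDeceptor code) scans the decoy web server's access log for requests to the Joomla web service API entry point and groups them by source. It assumes the decoy's web server logs in Apache/nginx combined format; the log lines, addresses and the `/v1/example` path are constructed for illustration.

```python
import re
from collections import defaultdict

# Assumption: the decoy's web server writes Apache/nginx "combined" format logs.
LOG_RE = re.compile(
    r'(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
# Joomla 4 serves its web service endpoints under this entry point.
API_PREFIX = "/api/index.php"

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE_LOG = """\
198.51.100.7 - - [10/Mar/2023:09:14:02 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Mar/2023:09:14:05 +0000] "GET /api/index.php/v1/example HTTP/1.1" 200 880 "-" "curl/7.88"
192.0.2.10 - - [10/Mar/2023:09:20:41 +0000] "GET /API/index.php/v1/example HTTP/1.1" 404 120 "-" "python-requests/2.28"
203.0.113.44 - - [10/Mar/2023:09:20:42 +0000] "GET /api/index.php/v1/example?x=1 HTTP/1.1" 200 880 "-" "python-requests/2.28"
malformed line that the parser must skip
"""

def api_hits(log_text):
    """Return {source_ip: [(timestamp, path, status), ...]} for API requests."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # ignore lines that are not in combined format
        path = m["target"].split("?", 1)[0]  # drop the query string
        # Compare case-insensitively so case-variant probes are still recorded.
        if path.lower().startswith(API_PREFIX):
            hits[m["src"]].append((m["ts"], path, int(m["status"])))
    return dict(hits)

def api_successes(hits):
    """Sources that received a 2xx from the API; on a decoy no legitimate client should."""
    return sorted(src for src, rows in hits.items()
                  if any(200 <= status < 300 for _, _, status in rows))

if __name__ == "__main__":
    found = api_hits(SAMPLE_LOG)
    for src, rows in found.items():
        print(src, len(rows), "API request(s)")
    print("2xx from API:", api_successes(found))
```

Sources returned by `api_successes` are the ones to prioritise for the isolation response in step 5, since they received data from the decoy's web service endpoints.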

 

FortiDeceptor is Part of the Fortinet Security Fabric:

FortiDeceptor is natively integrated with FortiGate, FortiNAC, FortiSIEM, FortiAnalyzer, FortiSOAR, FortiEDR, and other Fabric solutions (third-party tools) to automate the mitigation response based on attack detection.
