FortiNDRCloud
kcheung
Staff
Article Id 321619
Description

CVE-2024-4577 is an argument injection vulnerability in PHP when it runs in CGI mode (php-cgi) behind Apache on Windows.

The root cause is a character encoding conversion: in the affected Windows locales (Traditional Chinese, Simplified Chinese and Japanese code pages), "Best-Fit" mapping turns a soft hyphen (0xAD) in the request's query string into an ordinary hyphen before php-cgi parses its arguments. This bypasses the leading-hyphen check that was added for CVE-2012-1823, so an unauthenticated attacker can pass command-line options to php-cgi and achieve remote code execution (RCE). Deployments that expose php-cgi.exe through Apache, such as the default XAMPP for Windows layout, are the main exposure; the fix is to upgrade to a patched release.

The affected PHP versions are: 

  • PHP 8.3 < 8.3.8 
  • PHP 8.2 < 8.2.20 
  • PHP 8.1 < 8.1.29
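The article lists no Suricata coverage for this outbreak, so the request pattern itself is worth hunting for in web-server logs. The following is an added example written for this page, not FortiNDR Cloud's detection rule or any Fortinet code. It assumes Apache combined-format access logs (constructed sample lines, not real traffic) and flags query strings that Apache would pass to php-cgi as command-line arguments: per RFC 3875 section 4.4 that only happens when the raw query string contains no unencoded "=", which is why the public PoC encodes "=" as %3d. A soft hyphen (%AD) followed by an option letter is scored high (the CVE-2024-4577 bypass); a plain "-" is scored medium (the older CVE-2012-1823 form that patched php-cgi rejects, but still a probe). The php.ini directive names used to raise confidence are the ones reported in public write-ups.

```python
import re
from urllib.parse import unquote_to_bytes, urlsplit

# U+00AD SOFT HYPHEN. In the affected Windows code pages, Best-Fit mapping turns
# this byte into an ordinary '-' (0x2D) before php-cgi parses its argv, which is
# what defeats php-cgi's check for a leading '-'.
SOFT_HYPHEN = 0xAD

# php.ini directives the public write-ups report being overridden via the
# injected "-d" to make php://input executable. Used only to raise confidence.
INI_OVERRIDES = (b"allow_url_include", b"auto_prepend_file")

# Apache combined-style access log line (assumed format for this example).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)

# Constructed sample traffic (not real captures): one benign PHP request, two
# soft-hyphen injections, one legacy plain-hyphen probe, and one benign request
# whose parameter value merely contains a non-ASCII dash.
SAMPLE_LOG = """\
203.0.113.10 - - [08/Jun/2024:10:01:02 +0000] "GET /index.php?page=home HTTP/1.1" 200 512
203.0.113.11 - - [08/Jun/2024:10:01:05 +0000] "POST /php-cgi/php-cgi.exe?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.1" 200 44
203.0.113.12 - - [08/Jun/2024:10:01:09 +0000] "GET /php-cgi/php-cgi.exe?%ads HTTP/1.1" 200 2048
203.0.113.13 - - [08/Jun/2024:10:01:12 +0000] "GET /cgi-bin/php-cgi.exe?-d+allow_url_include%3d1 HTTP/1.1" 403 199
203.0.113.14 - - [08/Jun/2024:10:01:15 +0000] "GET /shop.php?item=%E2%80%93sale HTTP/1.1" 200 760
"""


def argv_tokens(raw_query):
    """Return the argv list Apache would hand to php-cgi for this query, or None.

    Per RFC 3875 section 4.4 a query string becomes command-line arguments only
    when it contains no unencoded '='; it is then URL-decoded and split on '+'.
    The public PoC encodes '=' as %3d precisely to stay on this path, so the '='
    test must run on the raw, undecoded string.
    """
    if not raw_query or "=" in raw_query:
        return None
    decoded = unquote_to_bytes(raw_query).replace(b"+", b" ")
    return [tok for tok in decoded.split(b" ") if tok]


def classify_request(target):
    """Classify one request target (path?query). Returns a finding dict or None."""
    parts = urlsplit(target)
    tokens = argv_tokens(parts.query)
    if not tokens:
        return None
    markers = set()
    for tok in tokens:
        # An option token: '-' or soft hyphen followed by an ASCII letter (-d, -s, -n ...).
        if len(tok) >= 2 and tok[0] in (SOFT_HYPHEN, 0x2D) and bytes([tok[1]]).isalpha():
            markers.add("soft-hyphen" if tok[0] == SOFT_HYPHEN else "hyphen")
    if not markers:
        return None
    # Soft hyphen is the CVE-2024-4577 bypass; a plain '-' is the older
    # CVE-2012-1823 form, which patched php-cgi rejects but is still a probe.
    severity = "high" if "soft-hyphen" in markers else "medium"
    ini_hits = [d.decode() for d in INI_OVERRIDES if any(d in tok for tok in tokens)]
    return {
        "path": parts.path,
        "severity": severity,
        "markers": sorted(markers),
        "ini_overrides": ini_hits,
    }


def scan_log(text):
    """Run the classifier over access-log text; return findings in log order."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        finding = classify_request(m.group("target"))
        if finding:
            finding.update(ip=m.group("ip"), ts=m.group("ts"),
                           method=m.group("method"), status=int(m.group("status")))
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['severity']:6} {f['ip']:14} {f['method']} {f['path']} "
              f"markers={f['markers']} ini={f['ini_overrides']}")
```

Two design points matter in practice. The "=" check is deliberately done on the raw query string, because decoding first would see the %3d and wrongly treat the PoC as an ordinary parameter list. And the detector does not require "php-cgi" in the path: when Apache maps .php files to php-cgi with Action/ScriptAlias, a request to any .php URL carries the same query string into argv, so the fifth sample line is cleared only because its raw query contains a literal "=".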

The TellYouThePass ransomware gang has been exploiting CVE-2024-4577 to drop web shells and then deploy ransomware on targeted systems.

CVE ID

CVE-2024-4577 (https://nvd.nist.gov/vuln/detail/CVE-2024-4577) 

NDR Cloud Detection Rule

FortiNDR Cloud v2024.5+

Detection Rule Name: FortiGuard Outbreak Alert: PHP CGI Argument Injection
Category: Attack: Exploitation
Primary MITRE ID: T1190 - Exploit Public-Facing Application

Playbook

N/A

Threat Hunting

FortiNDR Cloud users can hunt for activity related to this outbreak with the IOCs Fortinet publishes under the "PHP RCE Attack" tag.
IOC source: https://www.fortiguard.com/outbreak-ioc?tag=php%20rce%20attack

All IOCs from that source have been added to FortiNDR Cloud Threat Intelligence.

Suricata Coverage

N/A

Other Fortinet Products

For details on mitigating this vulnerability with other Fortinet products, refer to the FortiGuard outbreak alert:
https://www.fortiguard.com/outbreak-alert/php-rce-attack
