zeromahesh
New Contributor

Fortinet IPS does not block Joomla!.Core.Account.Creation.Privilege.Escalation Exploit

Dear All,

I have deployed a FortiGate VM in AWS and all the licenses are active except FortiGuard. My issue is that when I run an exploit against a Joomla 3.4.4 instance placed behind the FortiGate VM, through a security policy which has an IPS profile with all the IPS signatures selected, it does not get blocked; the exploit succeeds and a user gets created on the Joomla instance.

I have no idea why the FortiGate does not block that exploit attempt. Also, I can find that specific signature in the IPS signature database on my instance.

7 REPLIES
zeromahesh
New Contributor

Dear All,

If anyone can answer my query, that would be great.

Markus
Valued Contributor

Did you enable the extended IPS package?

 


________________________________________________________
--- NSE 4 ---
________________________________________________________

zeromahesh

Dear Markus,

Yes, the Extended DB is also enabled.

 

Markus
Valued Contributor

Hmm, strange. My screenshot was from version 5.6.12; which version do you have installed? Maybe I can also check if it's in.

Can you upload a screenshot of your IDP policy?


zeromahesh

Hi,

Mine is 6.4.3. Please note that that specific Joomla exploit signature can be found in my IPS DB too. But the issue is that the firewall does not detect the exploit.

Markus
Valued Contributor

Can you upload a screenshot of your IDP policy?


pal_FTNT

Can you capture the traffic of your exploit attempt and email it to vulnwatch@fortinet.com along with your FGT config file? We can then look deeper into the issue. If you aren't comfortable with sending the full config, you can just email us the information for the firewall policy and IPS sensor you are using for testing.
