Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
zeromahesh
New Contributor

Created on ‎02-06-2021 12:30 AM

Fortinet IPS does not block Joomla!.Core.Account.Creation.Privilege.Escalation Exploit

Dear All,

 

I have deployed Fortigate VM in AWS and all the licenses are active except Fortiguard. My issue is when I do a exploit to Joomla 3.4.4 instance placed behind the Fortigate VM through a Security Policy which has a IPS profile with all the IPS signatures selected, it does not get blocked, exploit success and user gets created on the Joomla instance.

 

I have no idea why Fortigate does not block that exploit attempt. And also I can find that specific signature in the IPS Signature database in my instance.

6351
0 Kudos
7 REPLIES 7
zeromahesh
New Contributor

Created on ‎02-06-2021 01:42 PM

Dear All,

 

Anyone can answer my query that would be great.

4806
0 Kudos
Markus
Valued Contributor
In response to zeromahesh

Created on ‎02-08-2021 01:00 AM

Did you enabled the extended IPS package?

 


________________________________________________________
--- NSE 4 ---
________________________________________________________

________________________________________________________--- NSE 4 ---________________________________________________________
joomla.jpg
Preview file
15 KB
4806
0 Kudos
zeromahesh
New Contributor
In response to Markus

Created on ‎02-08-2021 01:21 AM

Dear Markus,

Yes Extended DB also enabled.

 

4806
0 Kudos
Markus
Valued Contributor
In response to zeromahesh

Created on ‎02-08-2021 02:35 AM

hmm, strange my screenshot was from version 5.6.12, whitch version you have installed? maybe I can check this also if it's in.

 

Can you upload a screenshot of your IDP policy?


________________________________________________________
--- NSE 4 ---
________________________________________________________

________________________________________________________--- NSE 4 ---________________________________________________________
4806
0 Kudos
zeromahesh
New Contributor
In response to Markus

Created on ‎02-08-2021 02:38 AM

Hi,

 

Mine is 6.4.3. Please note that that specific Joomla Exploit Signature can be found in my IPS DB too. But the issue is firewall does not detect exploit.

4806
0 Kudos
Markus
Valued Contributor
In response to Markus

Created on ‎02-08-2021 02:45 AM

Can you upload a screenshot of your IDP policy?


________________________________________________________
--- NSE 4 ---
________________________________________________________

________________________________________________________--- NSE 4 ---________________________________________________________
4806
0 Kudos
pal_FTNT
Staff
Staff
In response to Markus

Created on ‎02-09-2021 11:59 AM

Can you capture a traffic of your exploit attempt and email it to vulnwatch@fortinet.com along with your FGT config file? We can then look deeper in to the issue. If you aren't comfortable with the full config, you can just email us the information for the firewall policy and IPS sensor you are using for testing.

4806
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.