Technical Tip: How to create Custom IPS Signature for CVE-2024-27564

raureada · ‎04-06-2025

Description

This article describes how to create a custom IPS Signature to block CVE-2024-27564 OpenAI ChatGPT.

Scope

FortiGate.

Solution

The PSIRT Team has no official signature for CVE-2024-27564. This custom IPS signature can protect against this vulnerability.

To configure custom IPS signatures in the GUI, go to Security Profiles -> IPS Signatures and select Create New.

On the signature box, insert the below signature.

F-SBID(--name "Dirk1983.ChatGPT.SSRF.Custom"; --protocol tcp; --service http; --parsed_type HTTP_GET; --flow from_client; --pattern "pictureproxy.php?"; --context uri; --within 32,context; --pattern "url="; --context uri; --within 128,context; --pattern !"oaidalleapi"; --context uri; --within_abs 30;)

Configuring on the CLI:

config ips custom
edit "CVE-2024-27564"
set signature "F-SBID( --attack_id 7260; --name \"Dirk1983.ChatGPT.SSRF.Custom\"; --protocol tcp; --service http; --parsed_type HTTP_GET; --flow from_client; --pattern \"pictureproxy.php?\"; --context uri; --within 32,context; --pattern \"url=\"; --context uri; --within 128,context; --pattern !\"oaidalleapi\"; --context uri; --within_abs 30;)"
end

Note:

As it is a custom signature for OpenAI ChatGPT, it may not work if there are changes in the attack pattern and may require modification in the future. Here is the documentation guide on how to create or modify an IPS signature: Creating IPS and application control signatures

Fortinet TAC support scopes and out-of-scope support tickets can be found here: Technical Tip: Technical support on customization on various Fortinet products

Technical Tip: How to create Custom IPS Signature for CVE-2024-27564

You are leaving our website