ET EXPLOIT HP Enterprise VAN SDN Controller Root Command Injection (Unix)

SID: 2026028Rev: 30 views
History
Sourceet/open
CreatedAugust 24, 2018
UpdatedApril 6, 2024
Classificationattempted-admin
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT HP Enterprise VAN SDN Controller Root Command Injection (Unix)"; flow:established,to_server; http.header; content:"X-Auth-Token|3a 20|AuroraSdnToken"; fast_pattern; http.request_body; content:"|7b 22|action|22 3a 22|uninstall|22 2c 22|name|22 3a 22|--pre-invoke="; content:"|5c 5c|x73|5c 5c|x68"; distance:0; reference:url,github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/hp_van_sdn_cmd_inject.rb; classtype:attempted-admin; sid:2026028; rev:3; metadata:attack_target Client_Endpoint, created_at 2018_08_24, deployment Datacenter, signature_severity Major, updated_at 2024_04_06, mitre_tactic_id TA0008, mitre_tactic_name Lateral_Movement, mitre_technique_id T1210, mitre_technique_name Exploitation_Of_Remote_Services;)

References

urlgithub.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/hp_van_sdn_cmd_inject.rb

Metadata

attack targetClient_Endpoint
created at2018_08_24
deploymentDatacenter
signature severityMajor
updated at2024_04_06
mitre tactic idTA0008
mitre tactic nameLateral_Movement
mitre technique idT1210
mitre technique nameExploitation_Of_Remote_Services

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!