ET EXPLOIT HP Enterprise VAN SDN Controller Root Command Injection (Linux)

SID: 2026029Rev: 20 viewsHistory

Sourceet/open

CreatedAugust 24, 2018

UpdatedAugust 25, 2020

Classificationattempted-admin

alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT HP Enterprise VAN SDN Controller Root Command Injection (Linux)"; flow:established,to_server; http.header; content:"X-Auth-Token|3a 20|AuroraSdnToken"; fast_pattern; http.request_body; content:"|7b 22|action|22 3a 22|uninstall|22 2c 22|name|22 3a 22|--pre-invoke="; content:".deb"; content:"/var/lib/sdn/uploads"; reference:url,github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/hp_van_sdn_cmd_inject.rb; classtype:attempted-admin; sid:2026029; rev:2; metadata:attack_target Client_Endpoint, created_at 2018_08_24, deployment Datacenter, signature_severity Major, updated_at 2020_08_25, mitre_tactic_id TA0008, mitre_tactic_name Lateral_Movement, mitre_technique_id T1210, mitre_technique_name Exploitation_Of_Remote_Services;)

References

url	github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/hp_van_sdn_cmd_inject.rb

Metadata

attack targetClient_Endpoint

created at2018_08_24

deploymentDatacenter

signature severityMajor

updated at2020_08_25

mitre tactic idTA0008

mitre tactic nameLateral_Movement

mitre technique idT1210

mitre technique nameExploitation_Of_Remote_Services

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!