ET EXPLOIT Qianxin Netcom NGFW Command Injection

SID: 2034885Rev: 11 views
History
Sourceet/open
CreatedJanuary 11, 2022
UpdatedJanuary 11, 2022
Classificationattempted-admin
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT Qianxin Netcom NGFW Command Injection"; flow:established,to_server; http.method; content:"POST"; http.uri; content:"/directdata/direct/router"; http.request_body; content:"SSLVPN_Resource"; fast_pattern; content:"deleteImage"; content:"f8839p7rqtj"; reference:url,www.fatalerrors.org/a/national-hw-action-part-0-day-loopholes-reappear-in-2021.html; classtype:attempted-admin; sid:2034885; rev:1; metadata:created_at 2022_01_11, deployment Perimeter, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2022_01_11, mitre_tactic_id TA0008, mitre_tactic_name Lateral_Movement, mitre_technique_id T1210, mitre_technique_name Exploitation_Of_Remote_Services;)

References

urlwww.fatalerrors.org/a/national-hw-action-part-0-day-loopholes-reappear-in-2021.html

Metadata

created at2022_01_11
deploymentPerimeter
confidenceMedium
signature severityMajor
tagDescription_Generated_By_Proofpoint_Nexus
updated at2022_01_11
mitre tactic idTA0008
mitre tactic nameLateral_Movement
mitre technique idT1210
mitre technique nameExploitation_Of_Remote_Services

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!