ET EXPLOIT NodeJS System Information Library Command Injection Attempt (CVE-2021-21315)

SID: 2034973Rev: 22 viewsHistory

Sourceet/open

CreatedJanuary 25, 2022

UpdatedJanuary 25, 2022

Classificationattempted-admin

alert http any any -> [$HOME_NET,$HTTP_SERVERS] any (msg:"ET EXPLOIT NodeJS System Information Library Command Injection Attempt (CVE-2021-21315)"; flow:established,to_server; http.method; content:"GET"; http.uri; content:"/api/getServices?name"; fast_pattern; pcre:"/^(?:\x28|\x29|\x3c|\x3e|\x26|\x2a|\xe2|\x80|\x98|\x7c|\x3f|\x3b|\x5b|\x5d|\x5e|\x7e|\x21|\x2e|\xe2|\x80|\x9d|\x25|\x40|\x2f|\x5c|\x3a|\x2b|\x2c|\x60)/R"; content:"|3d|"; distance:0; within:10; reference:cve,2021-21315; classtype:attempted-admin; sid:2034973; rev:2; metadata:attack_target Server, created_at 2022_01_25, cve CVE_2021_21315, deployment Perimeter, deployment Internal, confidence High, signature_severity Major, tag Exploit, tag CISA_KEV, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2022_01_25, mitre_tactic_id TA0008, mitre_tactic_name Lateral_Movement, mitre_technique_id T1210, mitre_technique_name Exploitation_Of_Remote_Services;)

References

cve	2021-21315

Metadata

attack targetServer

created at2022_01_25

cveCVE-2021-21315

deploymentInternal

confidenceHigh

signature severityMajor

tagDescription_Generated_By_Proofpoint_Nexus

updated at2022_01_25

mitre tactic idTA0008

mitre tactic nameLateral_Movement

mitre technique idT1210

mitre technique nameExploitation_Of_Remote_Services

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!