ET WEB_SPECIFIC_APPS Zyxel Authentication Bypass Attempt (CVE-2023-4473) - Information Leak via show_sysinfo

SID: 2052326Rev: 232 views
History
Sourceet/open
CreatedMay 1, 2024
UpdatedNovember 26, 2024
Classificationattempted-admin
alert http any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS Zyxel Authentication Bypass Attempt (CVE-2023-4473) - Information Leak via show_sysinfo"; flow:established,to_server; http.uri; content:"/cmd,/ck6fup6/system_main/show_sysinfo/"; fast_pattern; startswith; pcre:"/(?:favicon.ico|adv,\/cgi-bin\/weblogin\.cgi|desktop,\/(?:file_download\.cgi|cgi-bin\/dlnotify|login\.html|res\/|css\/|utility\/flag\/js)|MyWeb\/|register_main\/setCookie|playzone,\/(?:mobile_login\.html|mobile\/sencha\/|mobile\/images\/|images\/))/R"; reference:url,bugprove.com/knowledge-hub/cve-2023-4473-and-cve-2023-4474-authentication-bypass-and-multiple-blind-os-command-injection-vulnerabilities-in-zyxel-s-nas-326-devices/; reference:cve,2023-4473; classtype:attempted-admin; sid:2052326; rev:2; metadata:affected_product Zyxel, created_at 2024_05_01, cve CVE_2023_4473, deployment Perimeter, deployment Internal, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_11_26, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application; target:dest_ip;)

References

urlbugprove.com/knowledge-hub/cve-2023-4473-and-cve-2023-4474-authentication-bypass-and-multiple-blind-os-command-injection-vulnerabilities-in-zyxel-s-nas-326-devices/
cve2023-4473

Metadata

affected productZyxel
created at2024_05_01
deploymentInternal
confidenceHigh
signature severityMajor
tagDescription_Generated_By_Proofpoint_Nexus
updated at2024_11_26
mitre tactic idTA0001
mitre tactic nameInitial_Access
mitre technique idT1190
mitre technique nameExploit_Public_Facing_Application

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!