ET WEB_SPECIFIC_APPS Openmediavault Crontab Manipulation Remote Code Execution/Privilege Escalation (CVE-2013-3652)

SID: 2054658Rev: 186 viewsHistory

Sourceet/open

CreatedJuly 24, 2024

UpdatedJuly 24, 2024

Classificationtrojan-activity

alert http any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS Openmediavault Crontab Manipulation Remote Code Execution/Privilege Escalation (CVE-2013-3652)"; flow:established,to_server; http.method; content:"POST"; http.uri; content:"/rpc.php"; http.request_body; content:"|7b 22|service|22 3a 20 22|Cron|22 2c 20 22|method|22 3a 20 22|set|22 2c 20 22|params|22 3a 20 7b 22|"; startswith; fast_pattern; content:"|22|username|22 3a 20 22|root|22|"; content:"|22|command|22 3a 20 22|"; reference:cve,2013-3652; reference:url,attackerkb.com/topics/zl1kmXbAce/cve-2013-3632; classtype:trojan-activity; sid:2054658; rev:1; metadata:affected_product Web_Server_Applications, attack_target Server, tls_state TLSDecrypt, created_at 2024_07_24, cve CVE_2013_3652, deployment Perimeter, deployment Internal, deployment SSLDecrypt, performance_impact Low, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_07_24;)

References

cve	2013-3652
url	attackerkb.com/topics/zl1kmXbAce/cve-2013-3632

Metadata

affected productWeb_Server_Applications

attack targetServer

tls stateTLSDecrypt

created at2024_07_24

cveCVE-2013-3652

deploymentSSLDecrypt

performance impactLow

confidenceHigh

signature severityMajor

tagDescription_Generated_By_Proofpoint_Nexus

updated at2024_07_24

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!