ET WEB_SPECIFIC_APPS CloudPanel Insecure file-manager Cookie Authentication File Permission Modification (CVE-2023-35885)

SID: 2056092Rev: 111 views

Sourceet/open

CreatedSeptember 24, 2024

UpdatedSeptember 24, 2024

Classificationweb-application-activity

alert http any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS CloudPanel Insecure file-manager Cookie Authentication File Permission Modification (CVE-2023-35885)"; flow:established,to_server; http.method; content:"POST"; http.uri; content:"/file-manager/backend/permissions"; fast_pattern; http.cookie; content:"clp-fm|3d|"; http.content_type; content:"application/x-www-form-urlencoded"; http.request_body; content:"id|3d 2f|"; content:"permissions|3d|"; reference:url,datack.my/fallingskies-cloudpanel-0-day/; reference:cve,2023-35885; classtype:web-application-activity; sid:2056092; rev:1; metadata:attack_target Server, tls_state plaintext, created_at 2024_09_24, cve CVE_2023_35885, deployment Perimeter, deployment Internal, performance_impact Low, confidence High, signature_severity Major, tag Exploit, updated_at 2024_09_24, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application; target:dest_ip;)

References

url	datack.my/fallingskies-cloudpanel-0-day/
cve	2023-35885

Metadata

attack targetServer

tls stateplaintext

created at2024_09_24

cveCVE-2023-35885

deploymentInternal

performance impactLow

confidenceHigh

signature severityMajor

tagExploit

updated at2024_09_24

mitre tactic idTA0001

mitre tactic nameInitial_Access

mitre technique idT1190

mitre technique nameExploit_Public_Facing_Application

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!