ET WEB_SPECIFIC_APPS Ruijie Network Switches Unauthenticated Command Execution
Sourceet/open
Fileemerging-web_specific_apps.rules
CreatedMarch 15, 2024
UpdatedApril 29, 2024
Classificationattempted-admin
alert http any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS Ruijie Network Switches Unauthenticated Command Execution"; flow:established,to_server ; http.method; content:"GET"; http.uri; content:"/EXCU_SHELL"; fast_pattern; http.header_names; to_lowercase; content:"|0d 0a|cmdnum|0d 0a|"; content:"|0d 0a|command1|0d 0a|"; content:"|0d 0a|confirm1|0d 0a|"; reference:url,www.exploit-db.com/exploits/51888 ; classtype:attempted-admin; sid:2051667; rev:2; metadata:affected_product Ruijie_Network_Products, attack_target Networking_Equipment, tls_state plaintext, created_at 2024_03_15, deployment Perimeter, performance_impact Low, confidence High, signature_severity Major, updated_at 2024_04_29, reviewed_at 2024_10_03, mitre_tactic_id TA0008, mitre_tactic_name Lateral_Movement, mitre_technique_id T1210, mitre_technique_name Exploitation_Of_Remote_Services; target:dest_ip;)
References
Metadata
affected productRuijie_Network_Products
attack targetNetworking_Equipment
tls stateplaintext
created at2024_03_15
deploymentPerimeter
performance impactLow
confidenceHigh
signature severityMajor
updated at2024_04_29
reviewed at2024_10_03
mitre tactic idTA0008
mitre tactic nameLateral_Movement
mitre technique idT1210
mitre technique nameExploitation_Of_Remote_Services
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!