Rule Document 1:45413

Report a false positive

Rule Category

SERVER-WEBAPP -- Snort has detected traffic exploiting vulnerabilities in web based applications on servers.

Alert Message

SERVER-WEBAPP Hikvision IP camera admin authentication attempt

Rule Explanation

This event is generated when an attacker attempts to request resources from the Hikvision IP camera's web server using an undisclosed admin authorization technique. Impact: Web Application Attack Details: Rule checks for an attempt to exploit an improper authentication vulnerability present in Hikvision IP cameras. Ease of Attack: Simple; information about the vulnerability and exploitation is publicly-available.

What To Look For

No information provided

Known Usage

No public information

False Positives

No known false positives

Contributors

Cisco Talos Intelligence Group

Rule Groups

No rule groups

CVE

CVE-2017-7921

Additional Links

hikvision.com/us/about_10805.html

Rule Vulnerability

CVE Additional Information

This product uses data from the NVD API but is not endorsed or certified by the NVD.
CVE-2017-7921
 Loading description