PROTOCOL-OTHER -- Snort alerted on traffic known to exploit vulnerabilities in protocols that do not fit into one of the other protocol rule categories.
PROTOCOL-OTHER use of undocumented ScMM test interface in Cisco small business devices detected
This event is generated when traffic conforming to the undocumented ScMM backdoor test interface is detected
Ease of Attack:
What To Look For
No public information
No known false positives
Cisco Talos Intelligence Group
MITRE ATT&CK Framework
For reference, see the MITRE ATT&CK vulnerability types here:
CVE Additional Information
CVE-2014-0659The Cisco WAP4410N access point with firmware through 22.214.171.124, WRVS4400N router with firmware 1.x through 1.1.13 and 2.x through 126.96.36.199, and RVS4000 router with firmware through 188.8.131.52 allow remote attackers to read credential and configuration data, and execute arbitrary commands, via requests to the test interface on TCP port 32764, aka Bug IDs CSCum37566, CSCum43693, CSCum43700, and CSCum43685.
||Ease of Access||