Think you have a false positive on this rule?

Sid 1-46972

Message

SERVER-WEBAPP Quest DR Series Disk Backup UsersService.pm update method command injection attempt

Summary

This event is generated when an attacker attempts to exploit a command injection vulnerability in Quest DR Series Disk Backup Appliances.

Impact

Web Application Attack

CVE-2018-11144:

CVSS base score 8.8

CVSS impact score 5.9

CVSS exploitability score 2.8

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Detailed information

CVE-2018-11144: Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 2 of 46).

Affected systems

Ease of attack

CVE-2018-11144:

Access Vector

Access Complexity

Authentication

False positives

False negatives

Corrective action

Contributors

  • Cisco's Talos Intelligence Group

Additional References

  • www.coresecurity.com/advisories/quest-dr-series-disk-backup-multiple-vulnerabilities