Rule Category

SERVER-WEBAPP -- Snort has detected traffic exploiting vulnerabilities in web based applications on servers.

Alert Message

SERVER-WEBAPP Quest DR Series Disk Backup ReplicationsService.pm command injection attempt

Rule Explanation

This event is generated when an attacker attempts to exploit a command injection vulnerability in Quest DR Series Disk Backup Appliance. Impact: Web Application Attack Details: Ease of Attack:

What To Look For

Known Usage

No public information

False Positives

No known false positives

Contributors

Cisco Talos Intelligence Group

MITRE ATT&CK Framework

Tactic:

Technique:

For reference, see the MITRE ATT&CK vulnerability types here: https://attack.mitre.org

CVE

Additional Links

Rule Vulnerability

CVE Additional Information

CVE-2018-11166
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 24 of 46).
Details
Severity Base Score8.8
Impact Score5.9 Exploit Score2.8
Confidentiality ImpactHIGH Integrity ImpactHIGH
Availability ImpactHIGH Access Vector
Authentication Ease of Access