SERVER-WEBAPP -- Snort has detected traffic exploiting vulnerabilities in web based applications on servers.
SERVER-WEBAPP SQL Server Reporting Services web application remote code execution attempt
This event is generated when there is a potential remote code execution attempt exploiting a deserialization vulnerability in the SQL Server Reporting Services (SSRS) web application. Impact: NIST CVSS score Base Score: 8.8 HIGH Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Details: Low (Browser role) level user accounts may execute code on the server by exploiting the deserialization vulnerability. Ease of Attack:
This rule looks for a viewstate parameter that is making a call to System.Delegate in SQL Server
No public information
No known false positives
Cisco Talos Intelligence Group
No rule groups
CVE-2020-0618 |
Loading description
|
Tactic: Initial Access
Technique: Exploit Public-Facing Application
For reference, see the MITRE ATT&CK vulnerability types here: https://attack.mitre.org