POLICY-OTHER --
POLICY-OTHER FreeSWITCH mod_xml_rpc default credential login detected
The rule is looking for the use of the FreeSWITCH default username and password when attempting to execute command using mod_xml_rpc. These default username and password can be maliciously used to execute commands.
This is a policy rule which is triggered when a user attempts to use the default username and password for FreeSWITCH mod_xml_rpc command execution.
No public information
No known false positives
Cisco Talos Intelligence Group
No rule groups
Authentication Bypass
An Authentication Bypass occurs when there is a way to avoid providing user credentials to a system before performing restricted operations on said system.
CVE-2018-19911 |
Loading description
|
Tactic: Initial Access
Technique: Valid Accounts
For reference, see the MITRE ATT&CK vulnerability types here: https://attack.mitre.org