SERVER-OTHER -- Snort has detected traffic exploiting vulnerabilities in a server in the network.
SERVER-OTHER SaltStack wheel directory traversal attempt
This rule looks for directory traversal attempts in the ZeroMQ messages sent to SaltStack masters.
What To Look For
This rule looks for initial attack traffic.
No public information
No known false positives
Cisco Talos Intelligence Group
MITRE ATT&CK Framework
Technique: Execution through API
For reference, see the MITRE ATT&CK vulnerability types here:
An Authentication Bypass occurs when there is a way to avoid providing user credentials to a system before performing restricted operations on said system.