SERVER-OTHER -- Snort has detected traffic exploiting vulnerabilities in a server in the network.
SERVER-OTHER Unitrends UEB 9 bpserverd unauthenticated remote command execution attempt
This rule alerts when an attempt to exploit a proprietary command in the Unitrends UEB 9 bpserverd daemon exposed via xinetd is detected. The command provided by the bpserverd daemon allows attackers to execute any command available to the linux subsystem without requiring execution. This can lead to complete system compromise, as the utility runs as the root user.
This rule alerts when an attacker attempts to exploit CVE-2017-12477.
Public information/Proof of Concept available
No known false positives
Cisco Talos Intelligence Group
No rule groups
Command Injection
Command Injection attacks target applications that allow unsafe user-supplied input. Attackers transmit this input via forms, cookies, HTTP headers, etc. and exploit the applications permissions to execute system commands without injecting code.
CVE-2017-12477 |
Loading description
|
Tactic: Execution
Technique: User Execution
For reference, see the MITRE ATT&CK vulnerability types here: https://attack.mitre.org