SERVER-WEBAPP -- Snort has detected traffic exploiting vulnerabilities in web-based applications on servers.
SERVER-WEBAPP Zoom Client ZoomOpener remote code execution attempt
This rule detects a remote code execution attempt against the ZoomOpener local web server by matching malicious requests that redirect the local web server to download user-controlled data uploaded to marketplacecontent[.]zoom[.]us.
This rule detects a remote code execution attempt against the ZoomOpener local web server when it is left behind on macOS after the Zoom Client is uninstalled.
No public information
No known false positives
Cisco Talos Intelligence Group
No rule groups
Command Injection
Command Injection attacks target applications that allow unsafe user-supplied input. Attackers transmit this input via forms, cookies, HTTP headers, etc. and exploit the application's permissions to execute system commands without injecting code.
CVE-2019-13567
Tactic: Execution
Technique: Exploitation for Client Execution
For reference, see the MITRE ATT&CK vulnerability types here: https://attack.mitre.org