SERVER-WEBAPP -- Snort has detected traffic exploiting vulnerabilities in web-based applications on servers.
SERVER-WEBAPP ZoomOpener remote code execution attempt
This rule detects a remote code execution attempt against the ZoomOpener local web server. It matches malicious requests that redirect the local web server to download data from an attacker-controlled web server by bypassing an insufficient suffix check in ZoomOpener.
This rule detects a remote code execution attempt against the ZoomOpener local web server when it is left behind on macOS after the Zoom Client is uninstalled.
No public information
No known false positives
Cisco Talos Intelligence Group
No rule groups
Command Injection
Command Injection attacks target applications that allow unsafe user-supplied input. Attackers transmit this input via forms, cookies, HTTP headers, etc., and exploit the application's permissions to execute system commands without injecting code.
CVE-2019-13567
Tactic: Execution
Technique: Exploitation for Client Execution
For reference, see the MITRE ATT&CK vulnerability types here: https://attack.mitre.org