SERVER-WEBAPP -- Snort has detected traffic exploiting vulnerabilities in web-based applications on servers.
SERVER-WEBAPP TeamViewer custom URL protocol handler SMB connection attempt
This rule looks for attempts to use a TeamViewer custom URL protocol handler to make a connection to a remote SMB share. An attacker might be able to use this to achieve privilege escalation.
This rule triggers in the event that an attacker attempts to exploit a privilege escalation vulnerability that is related to an unquoted search path or element with a malicious iframe.
No public information
No known false positives
Cisco Talos Intelligence Group
No rule groups
Escalation of Privilege
An Escalation of Privilege (EOP) attack is any attack method that results in a user or application gaining permissions to access resources they normally would not have access to.
CVE-2020-13699
Tactic: Privilege Escalation
Technique: Bypass User Account Control
For reference, see the MITRE ATT&CK vulnerability types here: https://attack.mitre.org