SERVER-WEBAPP -- Snort has detected traffic exploiting vulnerabilities in web based applications on servers.
SERVER-WEBAPP SolarWinds Orion authentication bypass attempt
This rule is looking for a parameter that allows authentication to be bypassed.
This rule looks for reconnaissance and potential authentication bypass attempts against SolarWinds Orion network software.
Attacks/Scans seen in the wild
No known false positives
Cisco Talos Intelligence Group
No rule groups
Authentication Bypass
An Authentication Bypass occurs when there is a way to avoid providing user credentials to a system before performing restricted operations on said system.
CVE-2020-10148 |
Loading description
|
Tactic: Initial Access
Technique: Exploit Public-Facing Application
For reference, see the MITRE ATT&CK vulnerability types here: https://attack.mitre.org