SERVER-WEBAPP -- Snort has detected traffic exploiting vulnerabilities in web based applications on servers.
SERVER-WEBAPP AudioCode 400HD command injection attempt
This rule detects cmd injection attempts against AudioCodes IP phone 420HD devices using firmware version 188.8.131.52
This rule alerts on initial exploit traffic.
No public information
No known false positives
Cisco Talos Intelligence Group
No rule groups
Command Injection attacks target applications that allow unsafe user-supplied input. Attackers transmit this input via forms, cookies, HTTP headers, etc. and exploit the applications permissions to execute system commands without injecting code.
CVE-2018-10093AudioCodes IP phone 420HD devices using firmware version 184.108.40.206 allow Remote Code Execution.
Technique: Exploitation for Client Execution
For reference, see the MITRE ATT&CK vulnerability types here: https://attack.mitre.org