SERVER-WEBAPP -- Snort has detected traffic exploiting vulnerabilities in web-based applications on servers.
SERVER-WEBAPP VMWare vSphere Client remote code execution attempt
This rule is designed to alert on attempts to exploit an exposed REST API endpoint in VMware vSphere Client. An attacker who successfully exploits this vulnerability can remotely execute code on a vulnerable system. Exploitation requires multiple requests, and this rule is designed to detect any one of those requests.
This rule alerts on an attempt to exploit CVE-2021-21985.
Public information/Proof of Concept available
No known false positives
Cisco Talos Intelligence Group
No rule groups
N/A
Not Applicable
CVE-2021-21985
Tactic: Initial Access
Technique: Exploit Public-Facing Application
For reference, see the MITRE ATT&CK vulnerability types here: https://attack.mitre.org