SERVER-OTHER -- Snort has detected traffic exploiting vulnerabilities in a server in the network.
SERVER-OTHER VMware vRealize Log Insight configuration information leak attempt
The rule detects a Thrift RPC request sent to VMware vRealize Log Insight that causes the service to return its configuration, including the node GUID; that GUID can then be used to invoke other powerful commands on the system.
No public information
Known false positives, with the described conditions
This rule will alert on both normal and malicious getConfig invocations. If the request is initiated from an untrusted IP address, it should be considered malicious.
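The false-positive guidance above reduces to a source-address check on each alert. The following is an added example, not part of the Talos rule documentation, that applies that check to Snort "fast"-format alert lines: alerts for this rule whose source lies in a known management network are marked as expected, everything else for this rule goes to an investigation queue. The trusted networks, the SID 999999, and all addresses, ports and timestamps in the sample lines are constructed placeholders.

```python
"""Triage helper for alerts on the vRealize Log Insight getConfig rule.

Added example, not Cisco Talos code. Assumes Snort's "fast" alert output
format and that the networks from which legitimate getConfig requests
originate (cluster nodes, admin hosts) are known. The SID, IPs, ports and
timestamps below are constructed placeholders, not values from the rule.
"""
import ipaddress
import re

# Constructed: networks from which Log Insight management traffic is expected.
TRUSTED_NETWORKS = [
    ipaddress.ip_network("10.10.0.0/24"),   # assumed Log Insight cluster subnet
    ipaddress.ip_network("192.0.2.0/24"),   # assumed admin jump-host range
]

RULE_MSG = ("SERVER-OTHER VMware vRealize Log Insight configuration "
            "information leak attempt")

# Matches the fixed parts of a Snort "fast" alert line:
#   <ts>  [**] [gid:sid:rev] <msg> [**] [Classification: ...] [Priority: n] {PROTO} src:port -> dst:port
ALERT_RE = re.compile(
    r"\[\*\*\] \[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\] (?P<msg>.*?) \[\*\*\].*?"
    r"\{(?P<proto>\w+)\} (?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)"
)

# Constructed sample alerts; SID 999999 and the port numbers are placeholders.
SAMPLE_ALERTS = [
    "10/05-12:00:01.000000  [**] [1:999999:1] " + RULE_MSG + " [**] "
    "[Classification: Attempted Information Leak] [Priority: 2] "
    "{TCP} 10.10.0.5:51234 -> 10.10.0.20:16520",
    "10/05-12:00:07.000000  [**] [1:999999:1] " + RULE_MSG + " [**] "
    "[Classification: Attempted Information Leak] [Priority: 2] "
    "{TCP} 203.0.113.77:40112 -> 10.10.0.20:16520",
    "10/05-12:00:09.000000  [**] [1:123456:2] SERVER-OTHER unrelated rule [**] "
    "[Classification: Misc activity] [Priority: 3] "
    "{TCP} 203.0.113.78:40113 -> 10.10.0.20:443",
]


def parse_alert(line):
    """Return the alert's fields as a dict, or None if the line is not a fast-format alert."""
    m = ALERT_RE.search(line)
    return m.groupdict() if m else None


def is_trusted_source(ip):
    """True if the source address lies in one of the expected management networks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in TRUSTED_NETWORKS)


def triage(line):
    """Classify one alert line according to the rule's false-positive guidance.

    "expected"    -> this rule, source inside a trusted network (benign getConfig)
    "investigate" -> this rule, source outside the trusted networks
    "other"       -> a well-formed alert for a different rule
    "unparsed"    -> not a fast-format alert line
    """
    fields = parse_alert(line)
    if fields is None:
        return "unparsed"
    if fields["msg"] != RULE_MSG:
        return "other"
    return "expected" if is_trusted_source(fields["src"]) else "investigate"


def summarize(lines):
    """Count verdicts over many alert lines; the 'investigate' bucket is the work queue."""
    counts = {"expected": 0, "investigate": 0, "other": 0, "unparsed": 0}
    for line in lines:
        counts[triage(line)] += 1
    return counts


if __name__ == "__main__":
    for line in SAMPLE_ALERTS:
        fields = parse_alert(line)
        print(triage(line), "<-", fields["src"] if fields else line)
    print(summarize(SAMPLE_ALERTS))
```

The same allowlist can be pushed into Snort itself with a `suppress` entry tracked by source for the cluster subnet, which silences the expected node-to-node getConfig calls; the script above keeps them visible but labelled, which is preferable when you still want a record of configuration reads for the forensic timeline.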
Cisco Talos Intelligence Group
MITRE::ATT&CK Framework::Enterprise::Reconnaissance::Gather Victim Host Information
MITRE::ATT&CK Framework::Enterprise::Initial Access::Exploit Public-Facing Application
Information Leak
Information Leakage happens when an attacker manipulates a system into revealing sensitive information, either through malformed input or by taking advantage of another feature of the system.
CVE-2022-31711
CVE-2023-34051
Tactic: Initial Access
Technique: Exploit Public-Facing Application
For reference, see the MITRE ATT&CK vulnerability types here: https://attack.mitre.org