""ET EXPLOIT CentOS Control Web Panel Pre-Auth Remote Code Execution (CVE-2022-44877)""
SID: 2043302
Revision: 1
Class Type: attempted-admin
Metadata: attack_target Server, created_at 2023_01_13, cve CVE_2022_44877, deployment Perimeter, deployment Datacenter, deployment SSLDecrypt, performance_impact Low, confidence High, signature_severity Major, updated_at 2023_01_13, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application
Reference:
-
cve
-
2022-44877
Protocol: tcp
Source Network: any
Source Port: any
Destination Network: $HOME_NET
Destination Port: 2031
Flow: established,to_server
Contents:
-
Value: "POST /login/index.php?login|3d 24|" Depth: 29
-
Value: "Cookie|3a 20|cwpsrv-"
-
Value: "username="
-
Value: "&password="
-
Value: "&commit=Login"
Within:
PCRE:
Special Options: