iSID Analyst Knowledge Base

Definitions, and additional context on iSID alerts along with helpful recommendations

Category: Cyber Attack

( 538 Alerts)

NF – POLICY – AnyDesk – Replay domain lookup

A DNS reply from AnyDesk (remote control tool) was made from the internal network to the internet.

NF – POLICY – LLMNR – Link-local Multicast name resolution in use – Unsafe to use

Traffic of LLMNR was detected. LLMNR (Link-Local Multicast Name Resolution) is a protocol used in modern Windows operating systems (starting from Windows Vista and later) to resolve the names of neighboring computers on the same local network (link-local) when traditional DNS (Domain Name System) resolution fails

SERVER-WEBAPP Red Hat CloudForms agent controller filename directory traversal attempt

This alert is triggered when detecting an attempt to exploit CVE-2013-2068 a directory traversal vulnerability in the Red Hat CloudForm agent controller. Red Hat CloudForms is a hybrid cloud management platform. This rule is particularly looking for signs of an attacker attempting to exploit the system by specifying a file path that navigates outside of the intended directory, potentially aiming to overwrite system files or place malicious scripts on the server.

SERVER-WEBAPP Synology DiskStation Manager SLICEUPLOAD remote command execution attempt

This alert is triggered when detecting an attempt to exploit CVE-2013- 6955 a remote command execution vulnerability in Synology DiskStation Manager. The Synology DiskStation Manager is an operating system used by Synology's NAS devices. This rule is particularly looking for signs of an attacker attempting to exploit the 'SLICEUPLOAD' feature by specifying the 'imageSelector.cgi' endpoint and a specific header, potentially aiming to execute malicious commands.

SERVER-WEBAPP EMC Connectrix Manager FileUploadController directory traversal attempt

This alert is triggered when detecting an attempt to exploit CVE-2013-6810 a directory traversal vulnerability in EMC Connectrix Manager. EMC Connectrix Manager is an application used to manage storage infrastructure. This rule is particularly looking for signs of an attacker attempting to exploit the system by specifying a file path that navigates outside of the intended directory, potentially aiming to overwrite system files or place malicious scripts on the server.

SERVER-WEBAPP Cisco Prime Data Center Network Manager FileUploadServlet arbitrary file upload attempt

This alert is triggered when detecting an attempt to exploit CVE-2013-5486 a directory traversal vulnerability in Cisco Prime Data Center Network Manager (DCNM). The Cisco Prime DCNM is a management solution for data centers. This rule is particularly looking for signs of an attacker trying to manipulate the fileUpload URI and upload files to unintended directories, potentially aiming to overwrite system files or place malicious scripts on the server.

SERVER-WEBAPP Cisco Prime Data Center Network Manager FileUploadServlet arbitrary file upload attempt

This alert is triggered when detecting an attempt to exploit CVE-2013-5486 a directory traversal vulnerability in Cisco Prime Data Center Network Manager (DCNM). The Cisco Prime DCNM is a management solution for data centers. This rule is particularly looking for signs of an attacker trying to manipulate the fileUpload URI and upload files to unintended directories, potentially aiming to overwrite system files or place malicious scripts on the server.

SERVER-WEBAPP Red Hat CloudForms agent controller filename directory traversal attempt

This alert is triggered when detecting an attempt to exploit CVE-2013-2068 a directory traversal vulnerability in the Red Hat CloudForm agent controller. Red Hat CloudForms is a hybrid cloud management platform. This rule is particularly looking for signs of an attacker attempting to exploit the system by specifying a file path that navigates outside of the intended directory, potentially aiming to overwrite system files or place malicious scripts on the server.

SERVER-WEBAPP Zimbra remote code execution attempt

This alert is triggered when detecting an attempt to exploit a directory traversal vulnerability in Zimbra Collaboration Suite, to potentially extract sensitive configuration details. Zimbra Collaboration Suite is an open-source email, calendaring, and collaboration software. This rule is particularly looking for requests aimed at retrieving the localconfig.xml file by exploiting a path traversal vulnerability. This XML file can potentially contain sensitive configuration details.

SERVER-WEBAPP Cisco Prime Data Center Network Manager processImageSave.jsp directory traversal attempt

This alert is triggered when detecting an attempt to exploit CVE-2013-5486 a directory traversal vulnerability in Cisco Prime Data Center Network Manager (DCNM) The Cisco Prime DCNM is a management solution for data centers. This rule is particularly looking for requests aimed to manipulate the 'chartid' parameter to gain unauthorized access to files and directories outside the intended path.