SERVER-WEBAPP HP System Management arbitrary command injection attempt

This alert is triggered when an adversary attempts to exploit CVE-2013-3576, a command injection vulnerability in the HP System Management tool. This vulnerability allows attackers to execute arbitrary commands with the privileges of the application. The HP System Management tool is a suite of utilities provided by Hewlett-Packard for server and network management.

ID Number

27105

Signature

alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"SERVER-WEBAPP HP System Management arbitrary command injection attempt"; flow:to_server,established; content:"/smhutil/snmpchp/"; fast_pattern:only; http_uri; content:"|3B|"; http_uri; metadata:policy balanced-ips drop, policy max-detect-ips drop, policy security-ips drop, service http; reference:bugtraq,60471; reference:cve,2013-3576; classtype:attempted-admin; sid:27105; rev:6;)

MITRE ATT&CK Technique

-

Severity

High

Recommendations/Investigative actions

It is recommended to ensure that the HP System Management software is up to date with the latest security patches to mitigate known vulnerabilities. Inspect logs to determine whether the attempted exploitation was successful. Look for signs of unauthorized access or further exploitation attempts. If possible, block communication attempts from external networks, or enable access from specific external devices only.
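
For the log inspection step, the following added example (not part of the original alert description or of any vendor tooling) applies the signature's two URI conditions, the "/smhutil/snmpchp/" path and a semicolon, to web access log lines and lists the matching requests for follow-up. It assumes the access log is in Common Log Format; the function names, sample lines, addresses and the PLACEHOLDER token are constructed for illustration.

```python
import re
from urllib.parse import unquote

# The two URI conditions of sid 27105: the path marker and a semicolon (0x3B).
PATH_MARKER = "/smhutil/snmpchp/"
# Assumption: Common Log Format, e.g. src - - [ts] "METHOD uri proto" status size
REQUEST_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+)[^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines; PLACEHOLDER stands in for whatever followed the semicolon.
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Jun/2013:10:01:02 +0000] "GET /smhutil/snmpchp/a;PLACEHOLDER HTTP/1.1" 200 512',
    '203.0.113.7 - - [12/Jun/2013:10:01:05 +0000] "GET /smhutil/snmpchp/a%3BPLACEHOLDER HTTP/1.1" 404 0',
    '198.51.100.9 - - [12/Jun/2013:10:02:00 +0000] "GET /smhutil/snmpchp/status HTTP/1.1" 200 128',
    '198.51.100.9 - - [12/Jun/2013:10:03:00 +0000] "GET /index.html;jsessionid=1 HTTP/1.1" 200 900',
]

def normalize(uri, rounds=3):
    """Percent-decode repeatedly so %3B and %253B both surface as ';'."""
    for _ in range(rounds):
        decoded = unquote(uri)
        if decoded == uri:
            break
        uri = decoded
    return uri

def triage(lines):
    """Return (source, timestamp, status, raw_uri) for requests matching both conditions."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a request line in the assumed format
        uri = normalize(m.group("uri"))
        # Case-insensitive path match: deliberately broader than the rule itself.
        if PATH_MARKER in uri.lower() and ";" in uri:
            hits.append((m.group("src"), m.group("ts"),
                         int(m.group("status")), m.group("uri")))
    return hits

if __name__ == "__main__":
    for src, ts, status, uri in triage(SAMPLE_LOG):
        print(f"{ts}  {src}  status={status}  {uri}")
```

The response status is kept so each hit can be correlated with host-side logs; on its own it does not show whether a command ran.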