CVE-2020-5722 Exploitation Attempt

calendar Aug 21, 2020  ·
Share on: linkedin copy

Detection of CVE-2020-5722 observed from our Honeypots

Sigma rule (View on GitHub)

 1title: CVE-2020-5722 Exploitation Attempt
 2id: 23caf8be-ffda-4105-8674-a98a6dbf9765
 3status: experimental
 4description: Detection of CVE-2020-5722 observed from our Honeypots
 5references:
 6  - https://www.exploit-db.com/exploits/48247
 7author: Loginsoft Research Unit 
 8date: 2020/06/19
 9logsource:
10  product: grandstream
11  category: webserver
12detection:
13  selection:
14    cs-method: 'POST'
15    c-uri: '/cgi' 
16    c-uri-query|contains: 'action=sendPasswordEmail&user_name=*or' 
17  keywords:
18      -  '`wget$*{IFS}'
19      -  '{IFS}/bin/bash'
20  condition: selection and keywords
21falsepositives:
22  - Unknown
23level: high```

References

to-top