Yet More Unauth Remote Command Execution Vulns in Firewalls - Sangfor Edition
Tags
attack-pattern: Data Credentials - T1589.001 Server - T1583.004 Server - T1584.004 Software - T1592.002 Tool - T1588.002 Vulnerabilities - T1588.006 Connection Proxy - T1090
Show in Graph
Common Information
Type Value
UUID 46221076-a3d4-4981-81bf-f8e11e608182
Fingerprint b7288ed008352a0d
Analysis status DONE
Considered CTI value 0
Text language
Published Oct. 5, 2023, midnight
Added to db Nov. 17, 2024, 12:57 p.m.
Last updated Nov. 17, 2024, 9:42 p.m.
Headline Yet More Unauth Remote Command Execution Vulns in Firewalls - Sangfor Edition
Title Yet More Unauth Remote Command Execution Vulns in Firewalls - Sangfor Edition
Detected Hints/Tags/Attributes 75/1/27
Source URLs
Redirection Url
Details Source https://labs.watchtowr.com/yet-more-unauth-remote-command-execution-vulns-in-firewalls-sangfor-edition/
URL Provider
Details Provider Source level domain
Details watchtowr.com labs.watchtowr.com
Attributes
Details Type #Events CTI Value
Details Domain 72 
aws.amazon.com
Details Domain 1 
eng.utf8.lang.app
Details Domain 1 
chs.utf8.lang.app
Details Domain 1 
conf.new
Details File 1205 
index.php
Details File 1 
config_inc.php
Details File 12 
app.php
Details File 1 
diskerror.log
Details File 1 
adv_diskerror.log
Details File 1 
cfrontcontroller.php
Details File 94 
config.php
Details File 1 
fast_deploy.html
Details File 3 
proxy.html
Details File 207 
login.php
Details File 1 
proxy_cssp.html
Details File 2 
loginout.php
Details File 17 
redirect.php
Details File 2 
loadfile.php
Details File 1 
httphandler.php
Details File 1 
cfwloginoutdao.php
Details File 14 
cmd.txt
Details File 1 
loginmain.cpp
Details File 4 
login.log
Details IPv4 619 
0.0.0.0
Details IPv4 1441 
127.0.0.1
Details IPv4 18 
127.0.0.2
Details Url 1 
https://aws.amazon.com/marketplace/pp/prodview-uujwjffddxzp4