Detection

Description

HTTP_HNAP1_RCE_EXPLOIT_NC_

HNAP (Home Network Administration Protocol) is a network device management protocol for managing, configuring and identifying network devices. This is a proprietary network protocol invented by Pure Networks, Inc. and acquired by Cisco Systems. This is very common on home routers. Additional and detailed information regarding the vulnerabilities related to HNAP can be found here. Make sure to apply the latest security patch provided by your third-party vendor to fix these vulnerabilities.

CVE-2018-10562-HTTP_GPON_RCE_REQUEST_NC_

This is a common remote code execution vulnerability on Dasan GPON home router Additional and detailed information regarding the vulnerabilities related to Dasan GPON can be found here. Make sure to apply the latest security patch provided by your third-party vendor to fix these vulnerabilities.

HTTP_JAWS_RCE_EXPLOIT_NC_

This is a common remote code execution exploit on JAWS web application. Additional and detailed information regarding the vulnerabilities related to JAWS web application can be found here. Make sure to apply the latest security patch provided by your third-party vendor to fix these vulnerabilities.

Common Command & Control Inbound Detection in Apex One

Product / Version includes:

Apex OneAll

Last updated: 2021/08/28

Solution ID: KA-0011917

Category: Remove a Malware / Virus

Summary

Adversaries are constantly performing mass-scan of the internet in search of vulnerable public-facing servers and IoT devices. Once they have found a list of vulnerable targets, they will now proceed in using the common exploits below to attempt gaining initial unauthorized access. It is typical on public-facing devices to encounter malicious inbound connections from external IP addresses. Below are the most common vulnerabilities and exploits that are being abused. These are only inbound connection attempts from the adversaries and don't necessarily mean that your environment is vulnerable and/or compromised.

The table below describes the most common C&C Inbound Detections of Apex One:

Detection	Description
HTTP_HNAP1_RCE_EXPLOIT_NC_	HNAP (Home Network Administration Protocol) is a network device management protocol for managing, configuring and identifying network devices. This is a proprietary network protocol invented by Pure Networks, Inc. and acquired by Cisco Systems. This is very common on home routers. Additional and detailed information regarding the vulnerabilities related to HNAP can be found here. Make sure to apply the latest security patch provided by your third-party vendor to fix these vulnerabilities.
CVE-2018-10562-HTTP_GPON_RCE_REQUEST_NC_	This is a common remote code execution vulnerability on Dasan GPON home router Additional and detailed information regarding the vulnerabilities related to Dasan GPON can be found here. Make sure to apply the latest security patch provided by your third-party vendor to fix these vulnerabilities.
HTTP_JAWS_RCE_EXPLOIT_NC_	This is a common remote code execution exploit on JAWS web application. Additional and detailed information regarding the vulnerabilities related to JAWS web application can be found here. Make sure to apply the latest security patch provided by your third-party vendor to fix these vulnerabilities.

Was this article helpful?

Featured

Automation Center

Education Portal

Online Help Center

Service Status

TrendConnect

Common Command & Control Inbound Detection in Apex One

Common Command & Control Inbound Detection in Apex One

Product / Version includes:

Summary