Webserver Rce

Vulnerability updated 2 months ago (2024-11-29T14:45:45.188Z)

Download STIX

Preview STIX

Webserver RCE is a software vulnerability, a flaw in the design or implementation of software that can be exploited by malicious actors. One such actor is Kyton, a Gafgyt/Mirai hybrid botnet, which reuses code from other Mirai variants to exploit several vulnerabilities including CVE-2017-17215 (Huawei Router HG532), JAWS Webserver RCE, and CVE-2014-8361 (Realtek SDK). These vulnerabilities allow the botnet to gain unauthorized access to systems and potentially cause significant damage. Initial access by the UNSTABLE Botnet, another variant of Mirai, specifically targets the JAWS Webserver RCE vulnerability, also known as CVE-2016-20016. This botnet retrieves the downloader script "jaws" from an identified IP address. The script includes multiple binary files for 13 different architectures, which are executed using the parameter “jaws.exploit”. The UNSTABLE Botnet uses XOR encoding for its configuration, adding an additional layer of complexity to its operations. There has been a notable spike in IPS detections related to MVPower CCTV DVR models, also vulnerable to the JAWS webserver RCE (CVE-2016-20016). This vulnerability was previously seen to be exploited in the wild through 2017 and continues to be a threat. The advisory emphasizes the importance of addressing these vulnerabilities promptly to prevent potential exploitation and subsequent damage.

Description last updated: 2024-06-25T18:16:38.103Z

What's your take? (Question 1 of 1)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Possible Aliases / Cluster overlaps

It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.

Alias Description	Votes
CVE-2016-20016 is a possible alias for Webserver Rce. CVE-2016-20016 is a significant software vulnerability identified in MVPower CCTV DVR systems. This flaw, known as a remote code execution vulnerability, allows unauthorized users to execute arbitrary code on the system remotely, potentially leading to full system compromise. The vulnerability, also	2

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Exploit

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Source Document References

Information about the Webserver Rce Vulnerability was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
Fortinet	7 months ago	The Growing Threat of Malware Concealed Behind Cloud Services \| FortiGuard Labs
Fortinet	2 years ago	2022 IoT Threat Review \| FortiGuard Labs
Securityaffairs	2 years ago	Fortinet warns of a spike in attacks against TBK DVR devices