virus logo Intrusion Prevention

FTP.Injection.Attack.Firewall.Bypass

description-logoDescription

This indicates an attack attempt to exploit a Command Injection vulnerability in multiple firewall.
The vulnerability is due to insufficient sanitizing of user supplied inputs in the ftp traffic. A remote attacker may be able to exploit this to create connection with the host under the firewall protection via a crafted request.

affected-products-logoAffected Products

Multiple Firewall devices

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

Apply appropriate patch from the vendor if available.

Coverage

IPS (Regular DB)
IPS (Extended DB)

References

http://blog.blindspotsecurity.com/2017/02/advisory-javapython-ftp-injections.html
ID 43727
Created Mar 07, 2017
Updated Apr 25, 2017
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon lightgray-background-circle-icon
Default Action drop
Active
Affected OS All
Affected App Other
Profile Type Code Injection