FortiNDRCloud
SaaS based NDR solution providing 365 days data retention, along with Technical Success Manager
kcheung
Staff
Article Id 313024
Description

C-DATA is a leading provider of data access and connectivity solutions.

 

The C-DATA Web Management System has a remote code execution vulnerability: an attacker can send a specially crafted HTTP POST request to the application and execute arbitrary OS commands on the target system.

CVE ID

CVE-2022-4257 (https://nvd.nist.gov/vuln/detail/CVE-2022-4257)

NDR Cloud Detection Rule

FortiNDR Cloud v2024.4+ 

Detection Rule Name: FortiGuard Outbreak Alert: C-DATA Web Management Remote Code Execution

Category: Attack: Exploitation

Primary MITRE ID: T1190 - Exploit Public-Facing Application

Playbook

N/A

Threat hunting

FortiNDR Cloud users can use the following IOCs from Fortinet to hunt for activity related to the “C-DATA Web Management System RCE Attack”.

IOC source: https://www.fortiguard.com/outbreak-ioc?tag=c%20data%20rce%20attack

Suricata Coverage: N/A

Other Fortinet Products


For more details on mitigating the vulnerability with Fortinet products, refer to https://www.fortiguard.com/outbreak-alert/c-data-rce-attack
