Intrusion PreventionRemote.CMD.Shell
Description
This indicates an attack attempt to launch a remote command shell.
Attackers may inject shell code or run a malicious script that can bring up a command prompt as a remote console. This provides attackers with complete access to the victim system without any authentication.
Affected Products
Any unprotected Windows or Linux system is vulnerable to the attack.
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Monitor the traffic from that network for any suspicious activity.
Use AntiVirus software to scan and clean the system.
Telemetry
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
Version Updates
| Date | Version | Detail |
|---|---|---|
| 2024-04-16 | 27.769 | Sig Added |
| 2024-04-04 | 27.761 | Modified |
| 2024-04-03 | 27.760 | Modified |
| 2024-01-23 | 26.720 | Sig Added |
| 2024-01-22 | 26.719 | Sig Added |
| 2023-12-20 | 26.700 | Sig Added |
| 2023-11-01 | 26.669 | Sig Added |
| 2023-10-05 | 25.651 | Sig Added |
| 2023-09-28 | 25.646 | Sig Added |
| 2023-08-30 | 25.630 | Sig Added |
| ID | 12449 |
| Created | Sep 11, 2006 |
| Updated | Apr 17, 2024 |
| Risk |
|
| Default Action | drop |
| Active | |
| Affected OS | Windows |
| Affected App | Other |