HTTP2: Delta Electronics InfraSuite Device Master fieldExtraInfo Insecure Deserialization
This signature detects attempts to exploit a known vulnerability against Delta Electronics InfraSuite Device Master. A successful attack can lead to arbitrary code execution.
Extended Description
Delta Electronics InfraSuite Device Master versions prior to 1.0.12 are affected by a deserialization vulnerability that targets the Device-Gateway, which could allow deserialization of arbitrary .NET objects prior to authentication.
References
CVE: CVE-2024-10456
URL: https://www.cisa.gov/news-events/ics-advisories/icsa-23-331-01 http://www.zerodayinitiative.com/advisories/ZDI-23-1754/ http://www.zerodayinitiative.com/advisories/ZDI-23-1753/ https://www.cisa.gov/news-events/ics-advisories/icsa-24-303-03 http://www.zerodayinitiative.com/advisories/ZDI-24-1457/
Short Name
HTTP2:DELTA-INFRA-INSEC-DRLZ
Severity
Major
Recommended
False
Recommended Action
None
Category
HTTP2
Keywords
CVE-2023-47207 CVE-2024-10456 Delta Deserialization Device Electronics InfraSuite Insecure Master fieldExtraInfo
Release Date
08/12/2024
Supported Platforms
srx-branch-19.3
vsrx3bsd-19.2
srx-19.4
vsrx3bsd-19.4
srx-branch-19.4
vsrx-19.4
vsrx-19.2
srx-19.3
Sigpack Version
3766
False Positive
Rarely