Detecting Or Hunting For CVE-2025-0108


L0 Member

Hello Folks,

I am looking for ways to detect attempts to exploit this vulnerability through a SIEM. Based on the blogs available, the vulnerability can be exploited by accessing a URL with "unauth" on the management interface. So I am thinking of looking for web interface access logs with the keyword "unauth". However, I would like your help to get the details below.

1. Which log will provide the management IP address?

2. Whenever a user accesses the management IP through the web, which type of log will provide the access log? (traffic, config, system etc.)

3. Which type of log will give the full URL when a user accesses the web interface?

Feel free to guide me to any resource that provides this information.

Thanks in advance.

Regards,

Ameer Mane

1 REPLY

Community Team Member

Hi @ameermane ,

You can check the system logs and query for ( eventid eq 'auth-fail' ) or for all logs related to auth ( subtype eq 'auth' ).

LIVEcommunity team member
Stay Secure,
Jay
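
Added example, not part of either post and not Palo Alto Networks code: a sketch of the keyword hunt the question describes, run over web access-log lines and grouped by source IP. It assumes the lines reach the SIEM in the common "combined" access-log layout; this thread does not establish which PAN-OS log carries the request URL, and the sample lines, paths and the `hunt` / `normalize` names are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Assumed layout: combined access-log format (client IP, [time], "request", status).
LINE_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)
KEYWORD = "unauth"  # keyword named in the question above

def normalize(target, max_rounds=3):
    """Percent-decode repeatedly so encoded spellings of the keyword still match."""
    for _ in range(max_rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target.lower()

def hunt(lines):
    """Return ({source_ip: [(timestamp, raw_target, status), ...]}, unparsed_count)."""
    hits = defaultdict(list)
    unparsed = 0
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            unparsed += 1  # count instead of dropping: format drift hides hits
            continue
        if KEYWORD in normalize(m["target"]):
            hits[m["src"]].append((m["ts"], m["target"], int(m["status"])))
    return dict(hits), unparsed

# Constructed sample lines (documentation IP ranges, made-up paths).
SAMPLE = [
    '192.0.2.10 - - [12/Feb/2025:10:01:02 +0000] "GET /login HTTP/1.1" 200 5120',
    '198.51.100.7 - - [12/Feb/2025:10:01:09 +0000] "GET /unauth/constructed-path HTTP/1.1" 200 812',
    '198.51.100.7 - - [12/Feb/2025:10:01:11 +0000] "GET /%75nauth/constructed-path HTTP/1.1" 403 0',
    '203.0.113.5 - - [12/Feb/2025:10:02:00 +0000] "GET /UNAUTH/x HTTP/1.1" 404 0',
    'truncated line without a request',
]

if __name__ == "__main__":
    found, skipped = hunt(SAMPLE)
    for src, events in sorted(found.items()):
        print(src, len(events), events)
    print("unparsed lines:", skipped)
```

A keyword match is only a lead for triage: the status code and the source address (expected admin network or not) decide which hits deserve follow-up, and a non-zero unparsed count means the assumed layout does not fit the feed.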