alert tcp any any -> $HOME_NET 4786 (msg:"ET EXPLOIT Possible CVE-2018-0171 Exploit (PoC? based)"; flow:established,to_server; content:"|00 00 00 01 00 00 00 01 00 00 00 07|"; depth:12; content:"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"; distance:12; within:36; content:"BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB"; distance:4; within:44; metadata: former_category EXPLOIT; reference:cve,2018-0171; reference:url,embedi.com/blog/cisco-smart-install-remote-code-execution/; classtype:attempted-admin; sid:2025472; rev:1; metadata:affected_product Cisco_ASA, attack_target Networking_Equipment, deployment Perimeter, signature_severity Major, created_at 2018_04_06, updated_at 2018_04_06;)

Added 2018-04-06 16:18:55 UTC


Topic revision: r1 - 2018-04-06 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats