alert http any any -> $HOME_NET any (msg:"ET EXPLOIT Possible Cisco RV320 RCE Attempt (CVE-2019-1652)"; flow:established,to_server; content:"POST"; http_method; content:"/certificate_handle2.htm?type="; http_uri; content:"page=self_generator.htm&totalRules="; http_client_body; depth:35; fast_pattern; content:"|25 32 37 25 32 34 25 32 38|"; http_client_body; distance:0; metadata: former_category EXPLOIT; reference:url,; classtype:trojan-activity; sid:2026860; rev:1; metadata:attack_target Networking_Equipment, deployment Perimeter, cve 2019_1652, signature_severity Major, created_at 2019_01_29, performance_impact Low, updated_at 2019_01_29;)

Added 2019-01-29 18:40:10 UTC

Topic revision: r1 - 2019-01-29 - TWikiGuest
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats