Versions (5)
Version DetailsCurrent
Rev: 1 • Apr 6, 2018, 12:00 PMET EXPLOIT Possible CVE-2018-0171 Exploit (PoC based)
alert tcp any any -> $HOME_NET 4786 (msg:"ET EXPLOIT Possible CVE-2018-0171 Exploit (PoC based)"; flow:established,to_server; content:"|00 00 00 01 00 00 00 01 00 00 00 07|"; depth:12; content:"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"; distance:12; within:36; content:"BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB"; distance:4; within:44; reference:cve,2018-0171; reference:url,embedi.com/blog/cisco-smart-install-remote-code-execution/; classtype:attempted-admin; sid:2025472; rev:1; metadata:affected_product Cisco_ASA, attack_target Networking_Equipment, created_at 2018_04_06, cve CVE_2018_0171, deployment Perimeter, confidence Medium, signature_severity Major, tag CISA_KEV, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2019_07_26;)
Apr 6, 2018, 12:00 PM
Jul 26, 2019, 12:00 PM
Sep 21, 2024, 3:00 AM
Sep 29, 2025, 9:34 PM
rules/emerging-exploit.rules