Versions (4)
Version DetailsCurrent
Rev: 1 • May 1, 2020, 12:00 PMET EXPLOIT Possible SaltStack Authentication Bypass CVE-2020-11651 M2
alert tcp any any -> any 4506 (msg:"ET EXPLOIT Possible SaltStack Authentication Bypass CVE-2020-11651 M2"; flow:established,to_server; content:"_send_pub"; reference:url,labs.f-secure.com/advisories/saltstack-authorization-bypass; reference:cve,2020-11651; classtype:attempted-admin; sid:2030072; rev:1; metadata:affected_product Linux, created_at 2020_05_01, cve CVE_2020_11651, deployment Perimeter, deployment Internal, confidence High, signature_severity Major, tag CISA_KEV, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_05_01, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application; target:dest_ip;)
May 1, 2020, 12:00 PM
May 1, 2020, 12:00 PM
Sep 21, 2024, 3:00 AM
Sep 18, 2025, 8:36 PM
rules/emerging-exploit.rules