Rule History

alert http $EXTERNAL_NET any -> any any (msg:"ET EXPLOIT Possible Authenticated Command Injection Inbound - Comtrend VR-3033 (CVE-2020-10173)"; flow:established,to_server; http.method; content:"GET"; http.uri; content:"ping.cgi?pingIpAddress="; fast_pattern; content:"|3b|"; distance:0; reference:url,blog.trendmicro.com/trendlabs-security-intelligence/new-mirai-variant-expands-arsenal-exploits-cve-2020-10173/; reference:cve,2020-10173; classtype:attempted-admin; sid:2030502; rev:1; metadata:attack_target Networking_Equipment, created_at 2020_07_13, cve CVE_2020_10173, deployment Perimeter, performance_impact Low, confidence Medium, signature_severity Major, tag Exploit, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_07_13, mitre_tactic_id TA0008, mitre_tactic_name Lateral_Movement, mitre_technique_id T1210, mitre_technique_name Exploitation_Of_Remote_Services;)