Versions (4)
Version DetailsCurrent
Rev: 2 • Jan 28, 2022, 12:00 PMET EXPLOIT Sangoma Asterisk Originate AMI RCE (CVE-2019-18610) (PoC Based)
alert tcp any any -> any any (msg:"ET EXPLOIT Sangoma Asterisk Originate AMI RCE (CVE-2019-18610) (PoC Based)"; content:"Action|3a 20|Originate"; nocase; distance:0; fast_pattern; content:"Data|3a|"; nocase; distance:0; content:"|20|/tmp/"; nocase; within:45; reference:cve,2019-18610; classtype:attempted-admin; sid:2035014; rev:2; metadata:created_at 2022_01_28, cve CVE_2019_18610, deployment Perimeter, deployment Internal, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2022_01_28;)
Jan 28, 2022, 12:00 PM
Jan 28, 2022, 12:00 PM
Sep 21, 2024, 3:00 AM
Sep 8, 2025, 9:34 PM
rules/emerging-exploit.rules