Rule History

alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET MALWARE Potential Juniper Path Traversal RCE Attempt (CVE-2022-22245)"; flow:established,to_server; http.request_line; content:"POST|20|/Upload.php|20|"; startswith; http.request_body; content:"fileName"; content:"|5c 2e 2e 5c 2e 2e 5c|"; distance:0; fast_pattern; reference:url,octagon.net/blog/2022/10/28/juniper-sslvpn-junos-rce-and-multiple-vulnerabilities/; reference:cve,2022-22245; classtype:trojan-activity; sid:2039599; rev:2; metadata:created_at 2022_10_28, cve CVE_2022_22245, deployment Perimeter, deployment Internal, deployment SSLDecrypt, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_11_26, mitre_tactic_id TA0007, mitre_tactic_name Discovery, mitre_technique_id T1083, mitre_technique_name File_And_Directory_Discovery; target:dest_ip;)