Rule History

SID: 2051785 • Source: et/open

Versions (3)

Version DetailsCurrent

Rev: 1 • Mar 25, 2024, 12:00 PM

Message:

ET EXPLOIT Possible Uniview IPC2322lb updatecpld Restricted Shell Bypass Attempt

Rule:

alert tcp any any -> $HOME_NET 23 (msg:"ET EXPLOIT Possible Uniview IPC2322lb updatecpld Restricted Shell Bypass Attempt"; flow:established,to_server; content:"User|40 2f|"; content:">updatecpld "; nocase; within:30; fast_pattern; reference:url,ssd-disclosure.com/ssd-advisory-uniview-ipc2322lb-auth-bypass-and-cli-escape/; classtype:bad-unknown; sid:2051785; rev:1; metadata:affected_product IoT, attack_target IoT, tls_state plaintext, created_at 2024_03_25, deployment Perimeter, confidence Low, signature_severity Major, updated_at 2024_03_25; target:dest_ip;)

Created:

Mar 25, 2024, 12:00 PM

Updated:

Mar 25, 2024, 12:00 PM

DB Created:

Mar 26, 2024, 12:00 AM

DB Updated:

Mar 26, 2024, 12:00 AM

Filename:

rules/emerging-exploit.rules