Versions (3)
Version DetailsCurrent
Rev: 1 • Nov 4, 2024, 12:00 PMET EXPLOIT PTZOptics PT30X Authentication Bypass Attempt Inbound (CVE-2024-8956)
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT PTZOptics PT30X Authentication Bypass Attempt Inbound (CVE-2024-8956)"; flow:established,to_server; flowbits:set,ET.2024.8956; urilen:<43; http.uri; content:"|2f|cgi|2d|bin|2f|param|2e|cgi|3f|"; startswith; fast_pattern; pcre:"/^(?:(?:get\x5fnetwork\x5fconf)|(?:get\x5fsystem\x5fconf)|(?:get\x5fnetport\x5fconf)|(?:post\x5fnetwork\x5fother\x5fconf))$/R"; http.header_names; content:!"|0d 0a|authorization|0d 0a|"; nocase; reference:cve,2024-8956; reference:url,nvd.nist.gov/vuln/detail/CVE-2024-8956; reference:url,labs.greynoise.io/grimoire/2024-10-31-sift-0-day-rce; classtype:attempted-admin; sid:2057216; rev:1; metadata:affected_product IP_Camera, created_at 2024_11_04, cve CVE_2024_8956, deployment Perimeter, deployment Internal, deployment SSLDecrypt, confidence High, signature_severity Major, tag CISA_KEV, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_11_04, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application; target:dest_ip;)
Nov 4, 2024, 12:00 PM
Nov 4, 2024, 12:00 PM
Dec 3, 2024, 4:00 PM
Jul 8, 2025, 9:34 PM
rules/emerging-exploit.rules