Rule History

alert tcp any any -> any any (msg: "ATTACK [PTsecurity] Possible Ivanti Avalanche RCE (CVE-2023-32560)"; flow: established, to_server; content: "|00 00 00 02 00 00 00 05|"; content: "h.mid"; distance: 4; within: 5; pcre: "/^.{20}\x00\x00\x00[\x03\x65]/R"; byte_test: 4, >, 340, 4, relative; reference: url, www.tenable.com/security/research/tra-2023-27; reference: cve, 2023-32560; reference: url, rules.ptsecurity.com; classtype: attempted-admin; sid: 10010882; rev: 2;)