ET EXPLOIT CISCO FIREWALL SNMP Buffer Overflow Extrabacon (CVE-2016-6366)
Source: et/open
Created: August 25, 2016
Updated: July 26, 2019
Classification: misc-attack
alert udp $EXTERNAL_NET any -> $HOME_NET 161 (msg:"ET EXPLOIT CISCO FIREWALL SNMP Buffer Overflow Extrabacon (CVE-2016-6366)"; content:"|06 01 04 01 09 09 83 6B|"; pcre:"/^(?:\x01(?:(?:\x01(?:(?:\x04(?:(?:\x03(?:\x01(?:[\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b])?)?|\x04(?:\x01(?:[\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b])?)?|\x01(?:\x01(?:[\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a])?)?|\x02(?:\x01(?:[\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a])?)?))?|\x01(?:[\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c])?|\x02(?:[\x01\x02\x03\x04])?|\x03(?:[\x01\x02])?))?|\x03(?:(?:\x03(?:\x01(?:\x01(?:[\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e])?)?)?|\x01(?:[\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13])?|\x02(?:[\x01\x02])?))?|\x05(?:(?:\x02(?:\x01(?:[\x01\x02\x03\x04\x05\x06\x07])?)?|\x01(?:[\x01\x02\x03])?))?|\x02(?:(?:[\x01\x02]|\x03(?:\x01(?:[\x01\x02\x03])?)?))?|\x06(?:\x01(?:[\x01\x02\x03\x05\x06\x07\x08\x09\x0a\x0b])?)?|\x07(?:[\x01\x02])?|\x04))?|\x02(?:(?:\x02(?:[\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c])?|(?:\x01)?\x01))?)/Rsi"; content:"|81 10 81 10 81 10 81 10 81 10 81 10 81 10 81 10|"; within:160; fast_pattern; reference:cve,2016-6366; classtype:misc-attack; sid:2023086; rev:1; metadata:affected_product Cisco_ASA, attack_target Server, created_at 2016_08_25, cve CVE_2016_6366, deployment Datacenter, performance_impact Low, confidence High, signature_severity Critical, tag CISA_KEV, updated_at 2019_07_26;)
References
| cve | 2016-6366 |
Metadata
| affected product | Cisco_ASA |
| attack target | Server |
| created at | 2016_08_25 |
| deployment | Datacenter |
| performance impact | Low |
| confidence | High |
| signature severity | Critical |
| tag | CISA_KEV |
| updated at | 2019_07_26 |