ET EXPLOIT DynoRoot DHCP - Client Command Injection - Suricata Rule 2025765 (et/open)

ET EXPLOIT DynoRoot DHCP - Client Command Injection

SID: 2025765Rev: 21 viewsHistory

Sourceet/open

CreatedJune 29, 2018

UpdatedJuly 26, 2019

Classificationattempted-admin

alert udp any 67 -> any 68 (msg:"ET EXPLOIT DynoRoot DHCP - Client Command Injection"; content:"|02|"; depth:1; content:"|35 01 05 fc|"; distance:0; content:"|2f|bin|2f|sh"; fast_pattern; distance:0; reference:url,exploit-db.com/exploits/44652/; reference:cve,2018-1111; classtype:attempted-admin; sid:2025765; rev:2; metadata:attack_target Networking_Equipment, created_at 2018_06_29, cve CVE_2018_1111, deployment Datacenter, performance_impact Low, confidence Medium, signature_severity Critical, updated_at 2019_07_26, reviewed_at 2024_04_03, mitre_tactic_id TA0008, mitre_tactic_name Lateral_Movement, mitre_technique_id T1210, mitre_technique_name Exploitation_Of_Remote_Services;)

References

url	exploit-db.com/exploits/44652/
cve	2018-1111

Metadata

attack targetNetworking_Equipment

created at2018_06_29

cveCVE-2018-1111

deploymentDatacenter

performance impactLow

confidenceMedium

signature severityCritical

updated at2019_07_26

reviewed at2024_04_03

mitre tactic idTA0008

mitre tactic nameLateral_Movement

mitre technique idT1210

mitre technique nameExploitation_Of_Remote_Services

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!