ET EXPLOIT Mikrotik Winbox RCE Attempt (CVE-2018-14847)

SID: 2025972Rev: 32 viewsHistory

Sourceet/open

CreatedAugust 6, 2018

UpdatedJuly 26, 2019

Classificationattempted-admin

alert tcp any any -> $HOME_NET any (msg:"ET EXPLOIT Mikrotik Winbox RCE Attempt (CVE-2018-14847)"; flow:established,to_server; content:"|680100664d320500ff010600ff09050700ff090701000021352f2f2f2f2f2e2f2e2e2f2f2f2f2f2f2e2f2e2e2f2f2f2f2f2f2e2f2e2e2f666c6173682f72772f73746f72652f757365722e6461740200ff88020000000000080000000100ff8802000200000002000000|"; offset:0; reference:url,github.com/mrmtwoj/0day-mikrotik; reference:url,www.helpnetsecurity.com/2018/08/03/mikrotik-cryptojacking-campaign; reference:cve,2018-14847; classtype:attempted-admin; sid:2025972; rev:3; metadata:affected_product Linux, attack_target Networking_Equipment, created_at 2018_08_06, cve CVE_2018_14847, deployment Perimeter, confidence Medium, signature_severity Major, tag CISA_KEV, updated_at 2019_07_26;)

References

url	github.com/mrmtwoj/0day-mikrotik
url	www.helpnetsecurity.com/2018/08/03/mikrotik-cryptojacking-campaign
cve	2018-14847

Metadata

affected productLinux

attack targetNetworking_Equipment

created at2018_08_06

cveCVE-2018-14847

deploymentPerimeter

confidenceMedium

signature severityMajor

tagCISA_KEV

updated at2019_07_26

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!