ET POLICY Potentially Vulnerable LibSSH Server Observed - Possible Authentication Bypass (CVE-2018-10933) - Suricata Rule 2026526 (et/open)

ET POLICY Potentially Vulnerable LibSSH Server Observed - Possible Authentication Bypass (CVE-2018-10933)

SID: 2026526Rev: 11 viewsHistory

Sourceet/open

CreatedOctober 19, 2018

UpdatedJuly 26, 2019

Classificationbad-unknown

alert tcp $EXTERNAL_NET $SSH_PORTS -> any any (msg:"ET POLICY Potentially Vulnerable LibSSH Server Observed - Possible Authentication Bypass (CVE-2018-10933)"; flow:from_server,established; content:"SSH-2.0-libssh-0."; depth:17; pcre:"/^[67]\.[01235]/R"; reference:url,www.libssh.org/security/advisories/CVE-2018-10933.txt; reference:url,github.com/blacknbunny/libSSH-Authentication-Bypass; reference:cve,2018-10933; classtype:bad-unknown; sid:2026526; rev:1; metadata:created_at 2018_10_19, cve CVE_2018_10933, deployment Perimeter, deployment Internal, confidence High, signature_severity Major, tag CVE_2018_10933, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2019_07_26, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application; target:dest_ip;)

References

url	www.libssh.org/security/advisories/CVE-2018-10933.txt
url	github.com/blacknbunny/libSSH-Authentication-Bypass
cve	2018-10933

Metadata

created at2018_10_19

cveCVE-2018-10933

deploymentInternal

confidenceHigh

signature severityMajor

tagDescription_Generated_By_Proofpoint_Nexus

updated at2019_07_26

mitre tactic idTA0001

mitre tactic nameInitial_Access

mitre technique idT1190

mitre technique nameExploit_Public_Facing_Application

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!