ET EXPLOIT Possible Exim 4.87-4.91 RCE Attempt Inbound (CVE-2019-10149)

SID: 2027442Rev: 40 viewsHistory

Sourceet/open

CreatedJune 7, 2019

UpdatedAugust 19, 2020

Classificationattempted-admin

alert smtp any any -> $SMTP_SERVERS any (msg:"ET EXPLOIT Possible Exim 4.87-4.91 RCE Attempt Inbound (CVE-2019-10149)"; flow:established,to_server; content:"RCPT|20|TO"; content:"|24 7b|run|7b|"; within:12; fast_pattern; content:"|7d 7d 40|"; distance:0; reference:url,www.qualys.com/2019/06/05/cve-2019-10149/return-wizard-rce-exim.txt; classtype:attempted-admin; sid:2027442; rev:4; metadata:attack_target SMTP_Server, created_at 2019_06_07, cve CVE_2019_10149, deployment Perimeter, performance_impact Low, confidence Medium, signature_severity Major, tag CISA_KEV, updated_at 2020_08_19;)

References

url	www.qualys.com/2019/06/05/cve-2019-10149/return-wizard-rce-exim.txt

Metadata

attack targetSMTP_Server

created at2019_06_07

cveCVE-2019-10149

deploymentPerimeter

performance impactLow

confidenceMedium

signature severityMajor

tagCISA_KEV

updated at2020_08_19

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!