ET EXPLOIT Possible Palo Alto SSL VPN sslmgr Format String Vulnerability (Inbound) (CVE-2019-1579)

SID: 2027723Rev: 40 viewsHistory

Sourceet/open

CreatedJuly 18, 2019

UpdatedSeptember 17, 2020

Classificationattempted-admin

alert http $EXTERNAL_NET any -> any any (msg:"ET EXPLOIT Possible Palo Alto SSL VPN sslmgr Format String Vulnerability (Inbound) (CVE-2019-1579)"; flow:to_server,established; http.method; content:"POST"; http.uri; content:"/sslmgr"; endswith; nocase; http.request_body; content:"scep-profile-name=%"; depth:19; fast_pattern; pcre:"/^[0-9]+/R"; reference:url,blog.orange.tw/2019/07/attacking-ssl-vpn-part-1-preauth-rce-on-palo-alto.html; classtype:attempted-admin; sid:2027723; rev:4; metadata:attack_target Server, created_at 2019_07_18, cve CVE_2019_1579, deployment Perimeter, confidence Medium, signature_severity Major, tag CISA_KEV, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_09_17;)

References

url	blog.orange.tw/2019/07/attacking-ssl-vpn-part-1-preauth-rce-on-palo-alto.html

Metadata

attack targetServer

created at2019_07_18

cveCVE-2019-1579

deploymentPerimeter

confidenceMedium

signature severityMajor

tagDescription_Generated_By_Proofpoint_Nexus

updated at2020_09_17

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!