alert tcp any any -> any 4506 (msg:"ET EXPLOIT Possible SaltStack Authentication Bypass CVE-2020-11651 M2"; flow:established,to_server; content:"_send_pub"; reference:url,labs.f-secure.com/advisories/saltstack-authorization-bypass; reference:cve,2020-11651; classtype:attempted-admin; sid:2030072; rev:1; metadata:affected_product Linux, created_at 2020_05_01, cve CVE_2020_11651, deployment Perimeter, deployment Internal, confidence High, signature_severity Major, tag CISA_KEV, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_05_01, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application; target:dest_ip;)