ET DELETED Possible Attempted SMB RCE Exploitation M2 (CVE-2020-0796)

SID: 2030264Rev: 31 views
History
Sourceet/open
CreatedJune 8, 2020
UpdatedJuly 29, 2021
Classificationattempted-admin
alert smb any any -> $HOME_NET any (msg:"ET DELETED Possible Attempted SMB RCE Exploitation M2 (CVE-2020-0796)"; flow:established,to_server; content:"|FF C9 8B 34 8B 4C 01 FE|"; fast_pattern; reference:url,github.com/chompie1337/SMBGhost_RCE_PoC; reference:cve,2020-0796; classtype:attempted-admin; sid:2030264; rev:3; metadata:affected_product SMBv3, created_at 2020_06_08, deployment Perimeter, deployment Internal, performance_impact Low, signature_severity Major, tag SMBGhost, tag CISA_KEV, updated_at 2021_07_29;)

References

urlgithub.com/chompie1337/SMBGhost_RCE_PoC
cve2020-0796

Metadata

affected productSMBv3
created at2020_06_08
deploymentInternal
performance impactLow
signature severityMajor
tagCISA_KEV
updated at2021_07_29

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!