ET DOS CallStranger - Attempted UPnP Reflected Amplified TCP with Multiple Callbacks (CVE-2020-12695) - Suricata Rule 2030339 (et/open)

ET DOS CallStranger - Attempted UPnP Reflected Amplified TCP with Multiple Callbacks (CVE-2020-12695)

SID: 2030339Rev: 20 viewsHistory

Sourceet/open

CreatedJune 15, 2020

UpdatedDecember 11, 2020

Classificationattempted-dos

alert http $EXTERNAL_NET any -> any any (msg:"ET DOS CallStranger - Attempted UPnP Reflected Amplified TCP with Multiple Callbacks (CVE-2020-12695)"; flow:established,to_server; http.method; content:"SUBSCRIBE"; http.header; content:"CALLBACK|3a 20|"; fast_pattern; nocase; content:"<http"; distance:0; content:"><http"; distance:0; pcre:"/^Callback\x3a\x20<http[^>]+><http/mi"; reference:url,github.com/yunuscadirci/CallStranger; reference:cve,2020-12695; classtype:attempted-dos; sid:2030339; rev:2; metadata:affected_product UPnP, attack_target IoT, created_at 2020_06_15, cve CVE_2020_12695, deployment Perimeter, performance_impact Low, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_12_11;)

References

url	github.com/yunuscadirci/CallStranger
cve	2020-12695

Metadata

affected productUPnP

attack targetIoT

created at2020_06_15

cveCVE-2020-12695

deploymentPerimeter

performance impactLow

confidenceMedium

signature severityMajor

tagDescription_Generated_By_Proofpoint_Nexus

updated at2020_12_11

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!