ET EXPLOIT Possible Authenticated Command Injection Inbound - Comtrend VR-3033 (CVE-2020-10173) - Suricata Rule 2030502 (et/open)

ET EXPLOIT Possible Authenticated Command Injection Inbound - Comtrend VR-3033 (CVE-2020-10173)

SID: 2030502Rev: 12 viewsHistory

Sourceet/open

CreatedJuly 13, 2020

UpdatedJuly 13, 2020

Classificationattempted-admin

alert http $EXTERNAL_NET any -> any any (msg:"ET EXPLOIT Possible Authenticated Command Injection Inbound - Comtrend VR-3033 (CVE-2020-10173)"; flow:established,to_server; http.method; content:"GET"; http.uri; content:"ping.cgi?pingIpAddress="; fast_pattern; content:"|3b|"; distance:0; reference:url,blog.trendmicro.com/trendlabs-security-intelligence/new-mirai-variant-expands-arsenal-exploits-cve-2020-10173/; reference:cve,2020-10173; classtype:attempted-admin; sid:2030502; rev:1; metadata:attack_target Networking_Equipment, created_at 2020_07_13, cve CVE_2020_10173, deployment Perimeter, performance_impact Low, confidence Medium, signature_severity Major, tag Exploit, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_07_13, mitre_tactic_id TA0008, mitre_tactic_name Lateral_Movement, mitre_technique_id T1210, mitre_technique_name Exploitation_Of_Remote_Services;)

References

url	blog.trendmicro.com/trendlabs-security-intelligence/new-mirai-variant-expands-arsenal-exploits-cve-2020-10173/
cve	2020-10173

Metadata

attack targetNetworking_Equipment

created at2020_07_13

cveCVE-2020-10173

deploymentPerimeter

performance impactLow

confidenceMedium

signature severityMajor

tagDescription_Generated_By_Proofpoint_Nexus

updated at2020_07_13

mitre tactic idTA0008

mitre tactic nameLateral_Movement

mitre technique idT1210

mitre technique nameExploitation_Of_Remote_Services

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!