ET EXPLOIT Possible Pulse Secure VPN RCE Inbound (CVE-2020-8218)

SID: 2030804Rev: 10 viewsHistory

Sourceet/open

CreatedAugust 27, 2020

UpdatedAugust 27, 2020

Classificationattempted-admin

alert http any any -> [$HTTP_SERVERS,$HOME_NET] any (msg:"ET EXPLOIT Possible Pulse Secure VPN RCE Inbound (CVE-2020-8218)"; flow:established,to_server; http.method; content:"GET"; http.uri; content:"/downloadlicenses.cgi?cmd=download"; content:"&txtVLSAuthCode="; distance:0; fast_pattern; http.uri.raw; content:"%3b"; reference:url,www.gosecure.net/blog/2020/08/26/forget-your-perimeter-rce-in-pulse-connect-secure/; classtype:attempted-admin; sid:2030804; rev:1; metadata:affected_product Pulse_Secure, created_at 2020_08_27, cve CVE_2020_8218, deployment Perimeter, deployment Internal, deployment SSLDecrypt, confidence Medium, signature_severity Major, tag CISA_KEV, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_08_27;)

References

url	www.gosecure.net/blog/2020/08/26/forget-your-perimeter-rce-in-pulse-connect-secure/

Metadata

affected productPulse_Secure

created at2020_08_27

cveCVE-2020-8218

deploymentSSLDecrypt

confidenceMedium

signature severityMajor

tagDescription_Generated_By_Proofpoint_Nexus

updated at2020_08_27

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!