ET EXPLOIT [401TRG] Possible Zerologon (CVE-2020-1472) M2

SID: 2030889Rev: 11 viewsHistory

Sourceet/open

CreatedSeptember 18, 2020

UpdatedSeptember 18, 2020

Classificationattempted-admin

alert tcp-pkt any any -> any any (msg:"ET EXPLOIT [401TRG] Possible Zerologon (CVE-2020-1472) M2"; flow:established,to_server; flowbits:isset,dcerpc.rpcnetlogon; content:"|05 00 00|"; depth:3; content:"|1a 00|"; distance:19; within:3; content:"|00 00 00 00 00 00 00 00|"; isdataat:!5,relative; threshold:type both, track by_src, seconds 60, count 3; reference:cve,2020-1472; classtype:attempted-admin; sid:2030889; rev:1; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, created_at 2020_09_18, cve CVE_2020_1472, deployment Perimeter, deployment Internal, confidence Medium, signature_severity Major, tag CISA_KEV, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_09_18;)

References

cve

2020-1472

Metadata

affected productWindows_XP_Vista_7_8_10_Server_32_64_Bit

created at2020_09_18

cveCVE-2020-1472

deploymentInternal

confidenceMedium

signature severityMajor

tagDescription_Generated_By_Proofpoint_Nexus

updated at2020_09_18

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!