ET EXPLOIT Silver Peak Unity Orchestrator Exploitation Inbound (CVE-2020-12146)

SID: 2031494Rev: 10 viewsHistory

Sourceet/open

CreatedJanuary 7, 2021

UpdatedJanuary 7, 2021

Classificationattempted-admin

alert http any any -> [$HTTP_SERVERS,$HOME_NET] any (msg:"ET EXPLOIT Silver Peak Unity Orchestrator Exploitation Inbound (CVE-2020-12146)"; flow:established,to_server; pcre:"/(localhost|127\.0\.0\.1)/W"; http.method; content:"POST"; http.uri; content:"/gms/rest/debugFiles/delete"; startswith; http.request_body; content:"../phantomGenImg.js"; fast_pattern; reference:cve,CVE-2020-12145; reference:url,github.com/sudohyak/suricata-rules/blob/main/CVE-2020-12146/CVE-2020-12146.rules; reference:cve,CVE-2020-12146; reference:cve,2020-12146; classtype:attempted-admin; sid:2031494; rev:1; metadata:attack_target Server, created_at 2021_01_07, cve CVE_2020_12146, deployment Perimeter, deployment Internal, performance_impact Low, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2021_01_07;)

References

cve	CVE-2020-12145
url	github.com/sudohyak/suricata-rules/blob/main/CVE-2020-12146/CVE-2020-12146.rules
cve	CVE-2020-12146
cve	2020-12146

Metadata

attack targetServer

created at2021_01_07

cveCVE-2020-12146

deploymentInternal

performance impactLow

confidenceMedium

signature severityMajor

tagDescription_Generated_By_Proofpoint_Nexus

updated at2021_01_07

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!