ET EXPLOIT F5 BIG-IP - Successful Command Execution via util/bash - Suricata Rule 2049260 (et/open)

ET EXPLOIT F5 BIG-IP - Successful Command Execution via util/bash

SID: 2049260Rev: 333 viewsHistory

Sourceet/open

CreatedNovember 20, 2023

UpdatedJanuary 20, 2026

Classificationsuccessful-admin

alert http $HOME_NET any -> any any (msg:"ET EXPLOIT F5 BIG-IP - Successful Command Execution via util/bash"; flow:established,to_client; flowbits:isset,ET.BIGIP.Bash; http.stat_code; content:"200"; http.response_body; content:"|22|command|22|"; content:"|22|utilCmdArgs|22|"; fast_pattern; classtype:successful-admin; sid:2049260; rev:3; metadata:affected_product F5, attack_target Networking_Equipment, created_at 2023_11_20, deployment Perimeter, deployment SSLDecrypt, former_category INFO, performance_impact Low, confidence High, signature_severity Major, updated_at 2026_01_20; target:src_ip;)

Metadata

affected productF5

attack targetNetworking_Equipment

created at2023_11_20

deploymentSSLDecrypt

former categoryINFO

performance impactLow

confidenceHigh

signature severityMajor

updated at2026_01_20

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!