ET EXPLOIT Microsoft LDAP Referral Response Inbound (CVE-2024-49113)
Source: et/open
Created: January 7, 2025
Updated: January 7, 2025
Classification: attempted-dos
alert udp $EXTERNAL_NET 389 -> $HOME_NET any (msg:"ET EXPLOIT Microsoft LDAP Referral Response Inbound (CVE-2024-49113)"; content:"|30|"; depth:1; content:"|04|"; distance:2; within:1; content:"|65|"; distance:4; within:1; content:"|0a 01|"; distance:1; within:2; content:"|a3|"; distance:0; content:"ldap"; within:7; pcre:"/^s?\x3a\x2f{2}/R"; reference:url,www.safebreach.com/blog/ldapnightmare-safebreach-labs-publishes-first-proof-of-concept-exploit-for-cve-2024-49113/; reference:cve,2024-49113; classtype:attempted-dos; sid:2059017; rev:1; metadata:affected_product Windows_11, affected_product Windows_Server_2019, affected_product Windows_Server_2022, affected_product Windows_Server_2016, affected_product Windows_10, affected_product Windows_Server_2012, attack_target Networking_Equipment, created_at 2025_01_07, cve CVE_2024_49113, deployment Perimeter, deployment Internal, performance_impact Moderate, confidence High, signature_severity Major, tag Exploit, updated_at 2025_01_07, mitre_tactic_id TA0040, mitre_tactic_name Impact, mitre_technique_id T1498, mitre_technique_name Network_Denial_of_Service; target:dest_ip;)
References
Metadata
affected product: Windows_Server_2012
attack target: Networking_Equipment
created at: 2025_01_07
deployment: Internal
performance impact: Moderate
confidence: High
signature severity: Major
tag: Exploit
updated at: 2025_01_07
mitre tactic id: TA0040
mitre tactic name: Impact
mitre technique id: T1498
mitre technique name: Network_Denial_of_Service