ATTACK [PTsecurity] MS Exchange 2010-2019 Possible privilege escalation (CVE-2018-8581)

SID: 10004420Rev: 130 views
History
Sourceptrules/open
CreatedJuly 24, 2025
UpdatedJuly 24, 2025
Classificationattempted-admin
alert http any any -> any any (msg:"ATTACK [PTsecurity] MS Exchange 2010-2019 Possible privilege escalation (CVE-2018-8581)"; flow:established, to_server; content:"POST"; http_method; content:"SOAPAction"; http_header; content:"Authorization: NTLM"; http_header; content:"m:SendNotificationResponseMessage"; http_client_body; reference:url, dirkjanm.io/abusing-exchange-one-api-call-away-from-domain-admin/; reference:cve, 2018-8581; reference:url, rules.ptsecurity.com; classtype:attempted-admin; sid:10004420; rev:1;)

References

urldirkjanm.io/abusing-exchange-one-api-call-away-from-domain-admin/
cve2018-8581
urlrules.ptsecurity.com

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!