ET EXPLOIT Cisco Catalyst Remote Code Execution (CVE-2017-3881)

7.0.35.0SID: 2024194Rev: 2Enabled2 views
Sourceet/open
Fileemerging-exploit.rules
CreatedApril 10, 2017
UpdatedMarch 7, 2024
Classificationattempted-user
alert tcp any any -> $HOME_NET 23 (msg:"ET EXPLOIT Cisco Catalyst Remote Code Execution (CVE-2017-3881)"; flow:established,to_server; content:"|ff fa 24 00 03|CISCO_KITS"; content:"|3a|"; distance:2; within:1; isdataat:160,relative; content:!"|3a|"; within:160; reference:url,artkond.com/2017/04/10/cisco-catalyst-remote-code-execution/; classtype:attempted-user; sid:2024194; rev:2; metadata:affected_product CISCO_Catalyst, attack_target IoT, created_at 2017_04_10, cve CVE_2017_3881, deployment Datacenter, performance_impact Low, confidence Medium, signature_severity Critical, tag CISA_KEV, updated_at 2024_03_07, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application;)

Metadata

affected productCISCO_Catalyst
attack targetIoT
created at2017_04_10
deploymentDatacenter
performance impactLow
confidenceMedium
signature severityCritical
tagCISA_KEV
updated at2024_03_07
mitre tactic idTA0001
mitre tactic nameInitial_Access
mitre technique idT1190
mitre technique nameExploit_Public_Facing_Application

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!