ET EXPLOIT Cisco Catalyst Remote Code Execution (CVE-2017-3881)
Sourceet/open
Fileemerging-exploit.rules
CreatedApril 10, 2017
UpdatedMarch 7, 2024
Classificationattempted-user
alert tcp any any -> $HOME_NET 23 (msg:"ET EXPLOIT Cisco Catalyst Remote Code Execution (CVE-2017-3881)"; flow:established,to_server ; content:"|ff fa 24 00 03|CISCO_KITS"; content:"|3a|"; distance:2; within:1; isdataat:160,relative ; content:!"|3a|"; within:160; reference:url,artkond.com/2017/04/10/cisco-catalyst-remote-code-execution/ ; classtype:attempted-user; sid:2024194; rev:2; metadata:affected_product CISCO_Catalyst, attack_target IoT, created_at 2017_04_10, cve CVE_2017_3881, deployment Datacenter, performance_impact Low, confidence Medium, signature_severity Critical, tag CISA_KEV, updated_at 2024_03_07, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application;)
Metadata
affected productCISCO_Catalyst
attack targetIoT
created at2017_04_10
deploymentDatacenter
performance impactLow
confidenceMedium
signature severityCritical
tagCISA_KEV
updated at2024_03_07
mitre tactic idTA0001
mitre tactic nameInitial_Access
mitre technique idT1190
mitre technique nameExploit_Public_Facing_Application
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!