ET INFO Potentially Vulnerable LibSSH Server Observed - Possible Authentication Bypass (CVE-2018-10933)
Sourceet/open
Fileemerging-info.rules
CreatedOctober 19, 2018
UpdatedMarch 7, 2024
Classificationbad-unknown
alert tcp $EXTERNAL_NET $SSH_PORTS -> any any (msg:"ET INFO Potentially Vulnerable LibSSH Server Observed - Possible Authentication Bypass (CVE-2018-10933)"; flow:established,to_client ; content:"SSH-2.0-libssh-0."; depth:17; pcre:"/^[67]\.[01235]/R"; reference:url,www.libssh.org/security/advisories/CVE-2018-10933.txt ; reference:url,github.com/blacknbunny/libSSH-Authentication-Bypass ; reference:cve,2018-10933 ; classtype:bad-unknown; sid:2026526; rev:2; metadata:created_at 2018_10_19, cve CVE_2018_10933, deployment Perimeter, deployment Internal, confidence High, signature_severity Major, tag CVE_2018_10933, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_03_07, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application; target:dest_ip;)
References
Metadata
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!