ET SCAN UPnP SUBSCRIBE Inbound - Possible CallStranger Scan (CVE-2020-12695)

7.0.35.0SID: 2030272Rev: 3Enabled5 views
Sourceet/open
Fileemerging-scan.rules
CreatedJune 9, 2020
UpdatedApril 20, 2024
Classificationattempted-recon
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET SCAN UPnP SUBSCRIBE Inbound - Possible CallStranger Scan (CVE-2020-12695)"; flow:established,to_server; http.method; content:"SUBSCRIBE"; nocase; http.header_names; to_lowercase; content:"|0d 0a|callback|0d 0a|"; fast_pattern; content:"|0d 0a|nt|0d 0a|"; reference:cve,2020-12695; reference:url,kb.cert.org/vuls/id/339275; classtype:attempted-recon; sid:2030272; rev:3; metadata:attack_target Client_Endpoint, created_at 2020_06_09, cve CVE_2020_12695, deployment Perimeter, confidence Medium, signature_severity Informational, updated_at 2024_04_20;)

Metadata

attack targetClient_Endpoint
created at2020_06_09
deploymentPerimeter
confidenceMedium
signature severityInformational
updated at2024_04_20

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!