ET EXPLOIT TeamViewer .tvs iFrame Observed (CVE-2020-13699)
Sourceet/open
Fileemerging-exploit.rules
CreatedAugust 10, 2020
UpdatedMarch 7, 2024
Classificationattempted-admin
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT TeamViewer .tvs iFrame Observed (CVE-2020-13699)"; flow:established,to_client ; http.response_body; content:"<iframe|20|"; content:"|20|src="; distance:0; pcre:"/^[\x22\x27]t(?:eamviewer(\d+|api)|v(c(hat|ontrol)|filetransfer|joinv|present|s(endfile|q(customer|support))|v(ideocall|pn))\d)/R" ; content:"|3a 20|--play"; distance:0; fast_pattern; content:".tvs"; distance:0; reference:url,www.bleepingcomputer.com/news/security/teamviewer-fixes-bug-that-lets-attackers-access-your-pc/ ; classtype:attempted-admin; sid:2030668; rev:2; metadata:attack_target Client_Endpoint, created_at 2020_08_10, cve CVE_2020_13699, deployment Perimeter, confidence High, signature_severity Major, tag Teamviewer, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_03_07;)
References
Metadata
attack targetClient_Endpoint
created at2020_08_10
deploymentPerimeter
confidenceHigh
signature severityMajor
tagDescription_Generated_By_Proofpoint_Nexus
updated at2024_03_07
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!