ET EXPLOIT Suspected Exim External Auth Overflow (CVE-2023-42115)
Sourceet/open
Fileemerging-exploit.rules
CreatedOctober 3, 2023
UpdatedOctober 3, 2023
Classificationattempted-admin
alert smtp any any -> $HOME_NET any (msg:"ET EXPLOIT Suspected Exim External Auth Overflow (CVE-2023-42115)"; flow:established; flowbits:isset,ET.eximsmtp ; content:"auth|20|"; nocase; fast_pattern; pcre:"/^(?:(?:[^A\r\n]+[A])(?:[^A\r\n]+[A])){2,}/R" ; reference:url,www.zerodayinitiative.com/advisories/ZDI-23-1469/ ; reference:url,labs.watchtowr.com/exim-0days-90s-vulns-in-90s-software/ ; reference:cve,2023-42115 ; classtype:attempted-admin; sid:2048390; rev:1; metadata:attack_target SMTP_Server, created_at 2023_10_03, cve CVE_2023_42115, deployment Perimeter, deployment SSLDecrypt, performance_impact Significant, confidence Low, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2023_10_03, reviewed_at 2023_10_03; target:dest_ip;)
References
Metadata
attack targetSMTP_Server
created at2023_10_03
deploymentSSLDecrypt
performance impactSignificant
confidenceLow
signature severityMajor
tagDescription_Generated_By_Proofpoint_Nexus
updated at2023_10_03
reviewed at2023_10_03
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!