""ET EXPLOIT CISCO FIREWALL SNMP Buffer Overflow Extrabacon (CVE-2016-6366)""
SID: 2023086
Revision: 1
Class Type: misc-attack
Metadata: affected_product Cisco_ASA, attack_target Server, created_at 2016_08_25, cve CVE_2016_6366, deployment Datacenter, performance_impact Low, confidence High, signature_severity Critical, updated_at 2016_08_25
Reference:
-
cve
-
2016-6366
Protocol: udp
Source Network: $EXTERNAL_NET
Source Port: any
Destination Network: $HOME_NET
Destination Port: 161
Flow:
Contents:
-
Value: "|06 01 04 01 09 09 83 6B|"
-
Value: "|81 10 81 10 81 10 81 10 81 10 81 10 81 10 81 10|"
Within: 160
PCRE: "/^(?:\x01(?:(?:\x01(?:(?:\x04(?:(?:\x03(?:\x01(?:[\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b])?)?|\x04(?:\x01(?:[\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b])?)?|\x01(?:\x01(?:[\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a])?)?|\x02(?:\x01(?:[\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a])?)?))?|\x01(?:[\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c])?|\x02(?:[\x01\x02\x03\x04])?|\x03(?:[\x01\x02])?))?|\x03(?:(?:\x03(?:\x01(?:\x01(?:[\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e])?)?)?|\x01(?:[\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13])?|\x02(?:[\x01\x02])?))?|\x05(?:(?:\x02(?:\x01(?:[\x01\x02\x03\x04\x05\x06\x07])?)?|\x01(?:[\x01\x02\x03])?))?|\x02(?:(?:[\x01\x02]|\x03(?:\x01(?:[\x01\x02\x03])?)?))?|\x06(?:\x01(?:[\x01\x02\x03\x05\x06\x07\x08\x09\x0a\x0b])?)?|\x07(?:[\x01\x02])?|\x04))?|\x02(?:(?:\x02(?:[\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c])?|(?:\x01)?\x01))?)/Rsi"
Special Options:
- fast_pattern