""ET EXPLOIT Cisco Catalyst Remote Code Execution (CVE-2017-3881)""
SID: 2024194
Revision: 1
Class Type: attempted-user
Metadata: affected_product CISCO_Catalyst, attack_target IoT, created_at 2017_04_10, cve CVE_2017_3881, deployment Datacenter, performance_impact Low, signature_severity Critical, updated_at 2017_04_10, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application
Reference:
Protocol: tcp
Source Network: any
Source Port: any
Destination Network: $HOME_NET
Destination Port: 23
Flow: to_server,established
Contents:
-
Value: "|ff fa 24 00 03|CISCO_KITS"
-
Value: "|3a|"
-
Value: !"|3a|"
Within: 160
PCRE:
Special Options: