""ET EXPLOIT Mikrotik Winbox RCE Attempt (CVE-2018-14847)""

SID: 2025972

Revision: 3

Class Type: attempted-admin

Metadata: affected_product Linux, attack_target Networking_Equipment, created_at 2018_08_06, cve CVE_2018_14847, deployment Perimeter, signature_severity Major, updated_at 2018_09_11

Reference:

  • cve: 2018-14847

Protocol: tcp

Source Network: any

Source Port: any

Destination Network: $HOME_NET

Destination Port: any

Flow: established,to_server

Contents:

  • Value: "|680100664d320500ff010600ff09050700ff090701000021352f2f2f2f2f2e2f2e2e2f2f2f2f2f2f2e2f2e2e2f2f2f2f2f2f2e2f2e2e2f666c6173682f72772f73746f72652f757365722e6461740200ff88020000000000080000000100ff8802000200000002000000|"

Offset: 0

Within:

PCRE:

Special Options:
