"ET EXPLOIT AnyDesk UDP Discovery Format String (CVE-2020-13160)"
SID: 2030348
Revision: 2
Class Type: attempted-user
Metadata: affected_product Any, attack_target Client_Endpoint, created_at 2020_06_16, cve CVE_2020_13160, deployment Perimeter, performance_impact Significant, signature_severity Major, updated_at 2020_06_16
Reference: cve, 2020-13160
Protocol: udp
Source Network: $EXTERNAL_NET
Source Port: any
Destination Network: $HOME_NET
Destination Port: 50001
Flow:
Contents:
- Value: "|3e d1|" Depth: 2
Within:
PCRE: "/^.{11}([\xC0-\xC1]|[\xF5-\xFF]|\xE0[\x80-\x9F]|\xF0[\x80-\x8F]|\xC2-\xDF|\xE0-\xEF|\xF0-\xF4|(?<=[\x00-\x7F\xF5-\xFF])[\x80-\xBF]|(?<![\xC2-\xDF]|[\xE0-\xEF]|[\xE0-\xEF][\x80-\xBF]|[\xF0-\xF4]|[\xF0-\xF4][\x80-\xBF]|[\xF0-\xF4][\x80-\xBF]{2})[\x80-\xBF]|(?<=[\xE0-\xEF])\x80-\xBF|(?<=[\xF0-\xF4])\x80-\xBF|(?<=[\xF0-\xF4][\x80-\xBF])\x80-\xBF)/R"
Special Options: