""ET EXPLOIT Possible Cisco Data Center Network Manager - Authenticated File Upload (CVE-2019-1620)""
SID: 2033445
Revision: 1
Class Type: attempted-admin
Metadata: created_at 2021_07_27, cve CVE_2019_1620, updated_at 2021_07_27
Reference:
-
cve
-
2019-1620
Protocol: tcp
Source Network: any
Source Port: any
Destination Network: [$HOME_NET,$HTTP_SERVERS]
Destination Port: any
Flow: established,to_server
Contents:
-
Value: "Cookie|3a|"
-
Value: "/fm/fileUpload"
-
Value: "application|2f|octet-stream"
-
Value: "name=|22|fname|22|"
-
Value: "name=|22|uploadDir|22|"
Within:
PCRE: "/\/fm\/fileUpload$/U"
Special Options:
-
fast_pattern
-
http_uri
-
http_client_body
-
http_client_body
-
http_client_body