Et rule 2034984 - Magic-SigExplorer

""ET EXPLOIT SonicWall SMA Stack-Based Buffer Overflow CVE-2021-20038 M1""

SID: 2034984

Revision: 1

Class Type: attempted-admin

Metadata: attack_target Server, created_at 2022_01_26, cve CVE_2021_20038, deployment Perimeter, deployment Internal, signature_severity Major, tag Exploit, updated_at 2022_01_26, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application

Reference:

cve
2021-20038

Protocol: tcp

Source Network: any

Source Port: any

Destination Network: [$HOME_NET,$HTTP_SERVERS]

Destination Port: any

Flow: established,to_server

Contents:

Value: "GET /%" Depth: 6
Value: "%64%b8%06%08"
Value: "?"

Within: 55

PCRE: "/^[a-zA-Z0-9]{2}[%a-zA-Z0-9]{9}(?P(?:[%a-zA-Z0-9]{3}){4})(?P=addr)/R"

Special Options:

fast_pattern

source