""ET EXPLOIT Possible Barracuda Email Security Gateway Remote Code Execution Attempt (CVE-2023-2868) M1""
SID: 2046280
Revision: 1
Class Type: attempted-admin
Metadata: affected_product Barracuda_ESG, attack_target SMTP_Server, created_at 2023_06_15, cve CVE_2023_2868, deployment Perimeter, deployment Internal, performance_impact Low, confidence High, signature_severity Major, updated_at 2023_09_21, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application
Reference:
- cve, 2023-2868
Protocol: tcp
Source Network: any
Source Port: any
Destination Network: $SMTP_SERVERS
Destination Port: [25,587]
Flow: established,to_server
Contents:
- Value: "|75 73 74 61 72|"
- Value: "|27 60|"
- Value: "|60 27|"
  Within: 500
PCRE:
Special Options:
- file_data
- fast_pattern