OS-WINDOWS -- Snort has detected traffic targeting vulnerabilities in a Windows-based operating system. This does not include browser traffic or other software on the OS, but attacks against the OS itself.
OS-WINDOWS SMB replay attempt via NTLMSSP - overlapping encryption keys detected
Microsoft Windows 2000, Windows XP, Server 2003, Vista, and Server 2008 allow remote SMBv1 servers to execute arbitrary code on a client machine by replaying the NTLM credentials of a client user, as demonstrated by backrush, aka "SMB Credential Reflection Vulnerability."
Snort has detected traffic targeting vulnerabilities in SMBv1 on Windows-based operating systems.
No public information
No known false positives
Cisco Talos Intelligence Group
This document was generated from data supplied by the U.S. National Vulnerability Database, a product of the U.S. National Institute of Standards and Technology. For more information see [nvd].
No rule groups
CVE-2008-4037
CVE-2008-3009
CVE-2009-0550
CVE-2009-1930
CVE-2010-0231
CVE-2000-0834
CVE-2015-0005
Tactic: Lateral Movement
Technique: Pass the Hash
For reference, see the MITRE ATT&CK vulnerability types here: https://attack.mitre.org