SERVER-OTHER -- Snort has detected traffic exploiting vulnerabilities in a server in the network.
SERVER-OTHER Exim unauthenticated remote code execution attempt
The rule alerts when TLS `client hello` packet contains `server_name` SNI extension with trailing backslash `\\x00`
The rule alerts when TLS `client hello` packet contains `server_name` SNI extension with trailing backslash `\\x00`
Public information/Proof of Concept available
No known false positives
Cisco Talos Intelligence Group
Tactic: Initial Access
Technique: Exploit Public-Facing Application
For reference, see the MITRE ATT&CK vulnerability types here: https://attack.mitre.org
CVE-2019-15846Exim before 4.92.2 allows remote attackers to execute arbitrary code as root via a trailing backslash. |
|