pk/CapOne-Zeek-Docker
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
CapOne-Zeek-Docker/capitalone/external/CVE-2020-1350
History
Patrick Kelley 04da5c1250 Inital
2025-05-28 14:31:31 -04:00
..
scripts
Inital
2025-05-28 14:31:31 -04:00
__load__.zeek
Inital
2025-05-28 14:31:31 -04:00
bro-pkg.meta
Inital
2025-05-28 14:31:31 -04:00
CVE-2020-1350.zeek
Inital
2025-05-28 14:31:31 -04:00
LICENSE
Inital
2025-05-28 14:31:31 -04:00
README.md
Inital
2025-05-28 14:31:31 -04:00
zkg.meta
Inital
2025-05-28 14:31:31 -04:00

README.md

CVE-2020-1350 (AKA SIGRed) v0.21

Summary:

A Zeek package for detection of attempts to exploit Microsoft Windows DNS server via CVE-2020-1350 (AKA SIGRed - CVE Score of 10.0)

References:

https://research.checkpoint.com/2020/resolving-your-way-into-domain-admin-exploiting-a-17-year-old-bug-in-windows-dns-servers/
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1350
https://cve.mitre.org/cgi-bin/cvename.cgi?name=ALAS-2020-1350

Notices raised :

Notice Fidelity
Potential CVE-2020-1350 Windows DNS exploit (CVE10) has been detected (large DNS response). Refer to links: https://cve.mitre.org/cgi-bin/cvename.cgi?name=ALAS-2020-1350 and https://research.checkpoint.com/2020/resolving-your-way-into-domain-admin-exploiting-a-17-year-old-bug-in-windows-dns-servers/ Medium
CVE-2020-1350 Windows DNS exploit (CVE10) has been detected (High Confidence, large SIG/KEY response). Refer to links: https://cve.mitre.org/cgi-bin/cvename.cgi?name=ALAS-2020-1350 and https://research.checkpoint.com/2020/resolving-your-way-into-domain-admin-exploiting-a-17-year-old-bug-in-windows-dns-servers/ High
Potential CVE-2020-1350 Windows DNS exploit (CVE10) has been detected (large DNS RRSIG/TKEY response). Refer to links: https://cve.mitre.org/cgi-bin/cvename.cgi?name=ALAS-2020-1350 and https://research.checkpoint.com/2020/resolving-your-way-into-domain-admin-exploiting-a-17-year-old-bug-in-windows-dns-servers/ Medium/High