18 lines
1.5 KiB
Markdown
18 lines
1.5 KiB
Markdown
# CVE-2020-1350 (AKA SIGRed) v0.21
|
|
|
|
## Summary:
|
|
A Zeek package for detection of attempts to exploit Microsoft Windows DNS server via CVE-2020-1350 (AKA SIGRed - CVE Score of 10.0)
|
|
|
|
## References:
|
|
https://research.checkpoint.com/2020/resolving-your-way-into-domain-admin-exploiting-a-17-year-old-bug-in-windows-dns-servers/
|
|
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1350
|
|
https://cve.mitre.org/cgi-bin/cvename.cgi?name=ALAS-2020-1350
|
|
|
|
## Notices raised :
|
|
|
|
| Notice | Fidelity |
|
|
| -------- | ---------------------- |
|
|
|Potential CVE-2020-1350 Windows DNS exploit (CVE10) has been detected (large DNS response). Refer to links: https://cve.mitre.org/cgi-bin/cvename.cgi?name=ALAS-2020-1350 and https://research.checkpoint.com/2020/resolving-your-way-into-domain-admin-exploiting-a-17-year-old-bug-in-windows-dns-servers/|Medium|
|
|
|CVE-2020-1350 Windows DNS exploit (CVE10) has been detected (High Confidence, large SIG/KEY response). Refer to links: https://cve.mitre.org/cgi-bin/cvename.cgi?name=ALAS-2020-1350 and https://research.checkpoint.com/2020/resolving-your-way-into-domain-admin-exploiting-a-17-year-old-bug-in-windows-dns-servers/|High|
|
|
|Potential CVE-2020-1350 Windows DNS exploit (CVE10) has been detected (large DNS RRSIG/TKEY response). Refer to links: https://cve.mitre.org/cgi-bin/cvename.cgi?name=ALAS-2020-1350 and https://research.checkpoint.com/2020/resolving-your-way-into-domain-admin-exploiting-a-17-year-old-bug-in-windows-dns-servers/|Medium/High|
|