Rule Category

PROTOCOL-OTHER -- Snort alerted on traffic known to exploit vulnerabilities in protocols that do not fit into one of the other protocol rule categories.

Alert Message

PROTOCOL-OTHER MQTT Connect control packet detected

Rule Explanation

This event is generated when a Cesanta Mongoose MQTT 'parse_mqtt' integer overflow attempt is detected.

Impact: Attempted Denial of Service. Possible out-of-bounds read/write.

Details: This affects Cesanta Mongoose versions prior to 6.16.

Ease of Attack: Must be connected to an MQTT service to attack this.

What To Look For

This rule fires when an attacker connects to an MQTT service and sends buffer length information containing an integer overflow.
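A defensive way to parse the length fields of an MQTT packet, as an added example (it is not Cesanta Mongoose's code and not part of the Snort rule). The page does not say which length field overflows, so this assumes the fixed-header Remaining Length and the 2-byte length prefixes inside a CONNECT body; the function names and return codes are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>

enum { MQTT_OK = 0, MQTT_NEED_MORE = 1, MQTT_MALFORMED = -1 };

/* Decode the fixed header (type byte + Remaining Length) from buf[0..len).
 * On MQTT_OK, *hdr is the header size and *body the declared body size,
 * and the whole packet is known to lie inside the buffer. */
static int mqtt_fixed_header(const uint8_t *buf, size_t len,
                             size_t *hdr, uint32_t *body)
{
    uint32_t value = 0;
    size_t i;

    for (i = 1; ; i++) {
        if (i > 4) return MQTT_MALFORMED;   /* MQTT allows at most 4 length bytes */
        if (i >= len) return MQTT_NEED_MORE;
        value |= (uint32_t)(buf[i] & 0x7F) << (7 * (i - 1));  /* shift <= 21 */
        if (!(buf[i] & 0x80)) break;        /* continuation bit clear: done */
    }
    /* i + 1 <= len here, so the subtraction cannot wrap and no sum of
     * sender-controlled lengths is ever formed. */
    if (value > len - (i + 1)) return MQTT_NEED_MORE;
    *hdr = i + 1;
    *body = value;
    return MQTT_OK;
}

/* Read a 2-byte big-endian length-prefixed field (e.g. the protocol name in
 * CONNECT) at *off inside body[0..body_len); advance *off past it. */
static int mqtt_read_field(const uint8_t *body, size_t body_len, size_t *off,
                           const uint8_t **field, size_t *field_len)
{
    size_t n;

    if (*off > body_len || body_len - *off < 2) return MQTT_MALFORMED;
    n = ((size_t)body[*off] << 8) | body[*off + 1];
    if (n > body_len - *off - 2) return MQTT_MALFORMED;  /* field overruns body */
    *field = body + *off + 2;
    *field_len = n;
    *off += 2 + n;
    return MQTT_OK;
}
```

Both functions compare a declared length against the bytes that remain by subtraction, so a large declared value is rejected before any pointer or offset is derived from it.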

Known Usage

No public information

False Positives

No known false positives

Contributors

Cisco Talos Intelligence Group

Rule Groups

No rule groups

CVE

None

Additional Links

Rule Vulnerability

No information provided

CVE Additional Information

This product uses data from the NVD API but is not endorsed or certified by the NVD.

None