![TLP:AMBER](https://github.com/COVID-19-CTI-LEAGUE/PRIVATE_FEEDS/blob/master/MARKDOWN_RESOURCES/TLP-IMAGES/TLP-AMBER.jpg)

## Details and Analytics for exim_rce / CVE-2020-10149

- [NIST on CVE-2020-10149](https://nvd.nist.gov/vuln/detail/CVE-2020-10149)
- [Alert](alert_text.md) - notes to that alert
- [Summary](summary.md): ASN/country/network-based summary
- [Data](data) - all data, separated by country

The lists are generated from combined Shodan/OSINT queries. If we detect a CVE with (CVSS > 8 AND Remote AND Unauthenticated AND (RCE OR PrivilegeEscalation OR FileAccess)), or exploits going around, we check whether it is possible to catch all affected hosts/IPs that could be prone to attacks/exploitation via Shodan and OSINT. In a second step we analyse the affected IPs and generate ASN/country attribution, which is placed in [data](data).

## Detail - Format (file and content)

- files are plaintext
- file names are generated from CVE + country [CN] -> CVE-2020-XXXX/CVE-2020-XXXX-[CN].list

file_content:

~~~
Country: CZ
147.228.XX.YY | ASN. 2852 | CESNET2, CZ
147.228.XX.YY | ASN. 2852 | CESNET2, CZ
195.113.20.168 | ASN. 2852 | CESNET2, CZ
78.128.216.72 | ASN. 2852 | CESNET2, CZ
193.85.156.216 | ASN. 5588 | GTSCE GTS Central Europe / Antel Germany, CZ
193.85.156.216 | ASN. 5588 | GTSCE GTS Central Europe / Antel Germany, CZ
193.85.156.216 | ASN. 5588 | GTSCE GTS Central Europe / Antel Germany, CZ
193.85.156.216 | ASN. 5588 | GTSCE GTS Central Europe / Antel Germany, CZ
62.24.71.164 | ASN. 6830 | LGI-UPC formerly known as UPC Broadband Holding B.V., AT
62.24.71.164 | ASN. 6830 | LGI-UPC formerly known as UPC Broadband Holding B.V., AT
62.24.71.164 | ASN. 6830 | LGI-UPC formerly known as UPC Broadband Holding B.V., AT
62.24.71.164 | ASN. 6830 | LGI-UPC formerly known as UPC Broadband Holding B.V., AT
88.208.109.196 | ASN. 29208 | DIALTELECOM-AS Dial Telecom a.s., SK
88.208.109.196 | ASN. 29208 | DIALTELECOM-AS Dial Telecom a.s., SK
95.47.178.94 | ASN. 60296 | METRONET-AS, SK
~~~

## Remarks

Please note:

- found IPs might include false positives and miss hosts (false negatives)
- Country/ASN attribution might not be correct
- [Traffic Light Protocol (TLP) Definitions and Usage](https://www.us-cert.gov/tlp)
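As an added example (not code from the feed repository), a Python reader for the `.list` layout described above: it de-duplicates repeated hosts, keeps masked/unparseable IPs separately since their ASN is still actionable, and flags entries whose country code disagrees with the file header, which is the attribution caveat raised in the Remarks. The sample input is the format example above plus one constructed malformed line.

```python
import ipaddress
import re
from collections import Counter

# Sample file body in the documented layout: the entries are those shown in the format
# example above, plus one constructed malformed line to exercise the error path.
SAMPLE = """Country: CZ
147.228.XX.YY | ASN. 2852 | CESNET2, CZ
195.113.20.168 | ASN. 2852 | CESNET2, CZ
195.113.20.168 | ASN. 2852 | CESNET2, CZ
193.85.156.216 | ASN. 5588 | GTSCE GTS Central Europe / Antel Germany, CZ
62.24.71.164 | ASN. 6830 | LGI-UPC formerly known as UPC Broadband Holding B.V., AT
88.208.109.196 | ASN. 29208 | DIALTELECOM-AS Dial Telecom a.s., SK
not a feed record
"""
HEADER_RE = re.compile(r"^Country:\s*(?P<cc>[A-Z]{2})\s*$")
# "<ip> | ASN. <number> | <AS name>, <CC>". AS names may contain commas themselves,
# so the country code is anchored to the final ", CC" at the end of the line.
LINE_RE = re.compile(r"^(?P<ip>\S+)\s*\|\s*ASN\.\s*(?P<asn>\d+)\s*\|\s*(?P<name>.+),\s*(?P<cc>[A-Z]{2})\s*$")

def parse_list(text):
    """Parse one CVE-...-[CC].list body. hosts: de-duplicated entries with a valid IP;
    masked: redacted/unparseable IPs (kept, the ASN is still actionable); malformed:
    unrecognised lines; mismatched: entries whose country code disagrees with the header."""
    report = {"country": None, "hosts": [], "masked": [], "malformed": [], "mismatched": []}
    seen = set()
    for line in filter(None, (raw.strip() for raw in text.splitlines())):
        header = HEADER_RE.match(line)
        if header:
            report["country"] = header.group("cc")
            continue
        m = LINE_RE.match(line)
        if not m:
            report["malformed"].append(line)
            continue
        entry = {"ip": m["ip"], "asn": int(m["asn"]), "as_name": m["name"].strip(), "cc": m["cc"]}
        if report["country"] and entry["cc"] != report["country"]:
            report["mismatched"].append(entry)
        try:
            ipaddress.ip_address(entry["ip"])
        except ValueError:
            report["masked"].append(entry)
            continue
        if entry["ip"] not in seen:  # feeds repeat hosts; keep the first occurrence
            seen.add(entry["ip"])
            report["hosts"].append(entry)
    return report

def hosts_per_asn(report):  # unique valid hosts per ASN, e.g. to size each owner notification
    return Counter(h["asn"] for h in report["hosts"])
```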