CVE-2020-12443 Exploitation Attempt

Detects Path Traversal exploitation attempts.

Sigma rule

```yaml
title: CVE-2020-12443 Exploitation Attempt
id: b77aa899-e679-4c00-b4f9-a0caa8a20f09
status: experimental
description: Detection the exploit attempt of Path Traversal
references:
  - https://github.com/tchenu/CVE-2020-12112
author: Loginsoft Research Unit
date: 2020/07/03
logsource:
  product: BigBlueButton
  category: webserver
detection:
  selection:
    c-uri|contains: '/bigbluebutton/presentation/download/'
    c-uri-query|contains: 'presfilename=*&presFilename=../'
  keywords:
    - 'Exception getting canonical path for'
    - 'Cannot find file for'
  condition: selection or keywords
falsepositives:
  - Unknown
level: medium
```
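An added example, not part of the original rule page or of the Sigma project: a minimal Python evaluation of the rule's `selection or keywords` condition over constructed log lines, useful for checking what the rule does and does not fire on. The log line formats, the path segments after `/download/`, the logger name and all function names are assumptions made for illustration.

```python
import re

# Field conditions copied from the rule's `selection` (all must match).
SELECTION = {
    "c-uri": "/bigbluebutton/presentation/download/",
    "c-uri-query": "presfilename=*&presFilename=../",
}
# Strings copied from the rule's `keywords` (any one, anywhere in the raw line).
KEYWORDS = ["Exception getting canonical path for", "Cannot find file for"]

def contains(pattern, value):
    """Sigma `contains`: case-insensitive substring match; '*' is a wildcard."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.search(regex, value, re.IGNORECASE | re.DOTALL) is not None

def parse_access_line(line):
    """Split the request target of a combined-format access log line (assumed format)."""
    m = re.search(r'"[A-Z]+ (\S+) HTTP/[\d.]+"', line)
    if not m:
        return {}
    uri, _, query = m.group(1).partition("?")
    return {"c-uri": uri, "c-uri-query": query}

def rule_matches(line):
    """Evaluate `condition: selection or keywords` for one log line."""
    fields = parse_access_line(line)
    selection = bool(fields) and all(
        contains(pat, fields.get(name, "")) for name, pat in SELECTION.items()
    )
    keywords = any(k.lower() in line.lower() for k in KEYWORDS)
    return selection or keywords

# Constructed sample lines (not real traffic); addresses are documentation ranges.
SAMPLES = [
    '198.51.100.7 - - [03/Jul/2020:10:00:00 +0000] "GET /bigbluebutton/presentation/'
    'download/meeting-1/pres-1?presfilename=slides.pdf&presFilename=../../placeholder'
    ' HTTP/1.1" 200 512',
    '198.51.100.8 - - [03/Jul/2020:10:00:05 +0000] "GET /bigbluebutton/presentation/'
    'download/meeting-1/pres-1?presFilename=slides.pdf HTTP/1.1" 200 2048',
    '2020-07-03 10:00:01 ERROR PresentationController - Cannot find file for placeholder-id',
    '198.51.100.9 - - [03/Jul/2020:10:00:09 +0000] "GET /index.html HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(rule_matches(sample), sample[:70])
```

Because `keywords` is joined with `or`, the application-log strings alone raise an alert, so any ordinary missing-file error containing them will also match.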
