CVE-2021-21972 VSphere Exploitation
Detects the exploitation of VSphere Remote Code Execution vulnerability as described in CVE-2021-21972
Sigma rule (View on GitHub)
1title: CVE-2021-21972 VSphere Exploitation
2id: 179ed852-0f9b-4009-93a7-68475910fd86
3status: test
4description: Detects the exploitation of VSphere Remote Code Execution vulnerability as described in CVE-2021-21972
5references:
6 - https://www.vmware.com/security/advisories/VMSA-2021-0002.html
7 - https://f5.pm/go-59627.html
8 - https://swarm.ptsecurity.com/unauth-rce-vmware
9author: Bhabesh Raj
10date: 2021-02-24
11modified: 2023-01-02
12tags:
13 - attack.initial-access
14 - attack.t1190
15 - cve.2021-21972
16 - detection.emerging-threats
17logsource:
18 category: webserver
19detection:
20 selection:
21 cs-method: 'POST'
22 cs-uri-query: '/ui/vropspluginui/rest/services/uploadova'
23 condition: selection
24falsepositives:
25 - OVA uploads to your VSphere appliance
26level: high
References
-
For Technical Support (issues with products or services) Select Technical to be redirected to the My Entitlements page Expand the product you require support on Select the case icon from the case c...
Read More -
Related rules
- ADSelfService Exploitation
- Apache Spark Shell Command Injection - Weblogs
- Arcadyan Router Exploitations
- Atlassian Bitbucket Command Injection Via Archive API
- CVE-2010-5278 Exploitation Attempt