CVE-2021-21978 Exploitation Attempt
Detects the exploitation of the VMware View Planner vulnerability described in CVE-2021-21978
Sigma rule (View on GitHub)
```yaml
title: CVE-2021-21978 Exploitation Attempt
id: 77586a7f-7ea4-4c41-b19c-820140b84ca9
status: test
description: Detects the exploitation of the VMware View Planner vulnerability described in CVE-2021-21978
references:
    - https://twitter.com/wugeej/status/1369476795255320580
    - https://paper.seebug.org/1495/
author: Bhabesh Raj
date: 2020/03/10
modified: 2023/01/02
tags:
    - attack.initial_access
    - attack.t1190
    - cve.2021.21978
    - detection.emerging_threats
logsource:
    category: webserver
detection:
    selection:
        cs-method: 'POST'
        cs-uri-query|contains|all:
            - 'logupload'
            - 'logMetaData'
            - 'wsgi_log_upload.py'
    condition: selection
falsepositives:
    - Unknown
level: high
```
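The following is an added example, not part of the Sigma project or this rule's repository: a small Python evaluator that applies the rule's `selection` to web server records, so the effect of `contains|all` and Sigma's default case-insensitive matching can be checked before deployment. The sample records, the `id` field and the function names are constructed for illustration.

```python
# Added example: evaluate the rule's selection against constructed log records.
SELECTION = {
    "cs-method": "POST",
    "cs-uri-query|contains|all": ["logupload", "logMetaData", "wsgi_log_upload.py"],
}


def field_matches(key, expected, event):
    """Apply one 'field|modifier...' entry of a Sigma selection to an event."""
    name, *mods = key.split("|")
    if name not in event:
        return False  # a missing field can never satisfy the selection
    actual = str(event[name]).lower()  # Sigma string matching ignores case
    values = expected if isinstance(expected, list) else [expected]
    values = [str(v).lower() for v in values]
    if "contains" in mods:
        hits = [v in actual for v in values]
    else:
        hits = [v == actual for v in values]
    # A value list is OR by default; the 'all' modifier turns it into AND.
    return all(hits) if "all" in mods else any(hits)


def matches_selection(event, selection=SELECTION):
    """All field entries inside one selection must match (logical AND)."""
    return all(field_matches(k, v, event) for k, v in selection.items())


def triage(events):
    """Return the ids of the events the rule would alert on."""
    return [e["id"] for e in events if matches_selection(e)]


# Constructed records; the query values are placeholders, not captured traffic.
Q = "/logupload?logMetaData=CONSTRUCTED-wsgi_log_upload.py"
SAMPLE_EVENTS = [
    {"id": 1, "cs-method": "POST", "cs-uri-query": Q},          # all three strings
    {"id": 2, "cs-method": "GET", "cs-uri-query": Q},           # wrong method
    {"id": 3, "cs-method": "POST",
     "cs-uri-query": "/logupload?logMetaData=CONSTRUCTED-results.log"},  # 2 of 3
    {"id": 4, "cs-method": "post", "cs-uri-query": Q.upper()},  # case differs
    {"id": 5, "cs-method": "POST"},                             # query not logged
]

if __name__ == "__main__":
    print(triage(SAMPLE_EVENTS))
```

Record 5 shows that the rule stays silent when the log source does not populate `cs-uri-query`, so confirm the field mapping of the web server pipeline before relying on it.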
Related rules
- Exploitation of CVE-2021-26814 in Wazuh
- CVE-2021-21972 VSphere Exploitation
- CVE-2021-33766 Exchange ProxyToken Exploitation
- CVE-2023-46747 Exploitation Activity - Proxy
- CVE-2023-46747 Exploitation Activity - Webserver