Nimbuspwn Exploitation
Detects exploitation of Nimbuspwn privilege escalation vulnerability (CVE-2022-29799 and CVE-2022-29800)
Sigma rule
title: Nimbuspwn Exploitation
id: 7ba05b43-adad-4c02-b5e9-c8c35cdf9fa8
status: test
description: Detects exploitation of Nimbuspwn privilege escalation vulnerability (CVE-2022-29799 and CVE-2022-29800)
references:
    - https://www.microsoft.com/security/blog/2022/04/26/microsoft-finds-new-elevation-of-privilege-linux-vulnerability-nimbuspwn/
    - https://github.com/Immersive-Labs-Sec/nimbuspwn
author: Bhabesh Raj
date: 2022-05-04
modified: 2023-01-23
tags:
    - attack.privilege-escalation
    - attack.t1068
logsource:
    product: linux
detection:
    # '|all' requires every keyword below to appear in the same log event
    keywords:
        '|all':
            - 'networkd-dispatcher'
            - 'Error handling notification for interface'
            - '../../'
    condition: keywords
falsepositives:
    - Unknown
level: high
References
Related rules
- Audit CVE Event
- Buffer Overflow Attempts
- Exploiting CVE-2019-1388
- Exploiting SetupComplete.cmd CVE-2019-1378
- HackTool - SysmonEOP Execution