Nimbuspwn Exploitation

Detects exploitation of the Nimbuspwn privilege escalation vulnerabilities (CVE-2022-29799 and CVE-2022-29800).

Sigma rule

title: Nimbuspwn Exploitation
id: 7ba05b43-adad-4c02-b5e9-c8c35cdf9fa8
status: test
description: Detects exploitation of Nimbuspwn privilege escalation vulnerability (CVE-2022-29799 and CVE-2022-29800)
references:
    - https://www.microsoft.com/security/blog/2022/04/26/microsoft-finds-new-elevation-of-privilege-linux-vulnerability-nimbuspwn/
    - https://github.com/Immersive-Labs-Sec/nimbuspwn
author: Bhabesh Raj
date: 2022/05/04
modified: 2023/01/23
tags:
    - attack.privilege_escalation
    - attack.t1068
logsource:
    product: linux
detection:
    keywords:
        '|all':
            - 'networkd-dispatcher'
            - 'Error handling notification for interface'
            - '../../'
    condition: keywords
falsepositives:
    - Unknown
level: high
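The rule's '|all' keyword logic applied to log lines, as an added example that is not part of the Sigma rule or its repository. The sample lines are constructed, and the function names are hypothetical.

```python
"""Apply the rule's keyword logic to syslog-style lines (added example)."""

# The three strings from detection.keywords under '|all' in the rule above.
KEYWORDS = (
    "networkd-dispatcher",
    "Error handling notification for interface",
    "../../",
)

# Constructed sample lines, not captured from a real host.
SAMPLE_LINES = [
    # All three keywords in one event: the rule fires.
    "May  4 10:12:01 host1 networkd-dispatcher[812]: ERROR:Error handling "
    "notification for interface 'eth0' entering operational state ../../tmp/constructed",
    # Dispatcher error without a traversal sequence: no match.
    "May  4 10:12:05 host1 networkd-dispatcher[812]: ERROR:Error handling "
    "notification for interface 'eth0' entering operational state routable",
    # Traversal sequence logged by an unrelated process: no match.
    "May  4 10:12:09 host1 backup[990]: copying ../../etc/hosts",
    # Same event as the first line in different letter case: still matches.
    "May  4 10:13:00 host1 NETWORKD-DISPATCHER[812]: error handling "
    "notification for interface 'eth0' entering operational state ../../tmp/constructed",
]


def missing_keywords(line, keywords=KEYWORDS):
    """Return the keywords absent from one event (Sigma compares case-insensitively)."""
    lowered = line.lower()
    return [k for k in keywords if k.lower() not in lowered]


def matches_rule(line):
    """'|all' semantics: every keyword must be present in the same event."""
    return not missing_keywords(line)


def scan(lines):
    """Return (index, line) for each event that satisfies the rule condition."""
    return [(i, line) for i, line in enumerate(lines) if matches_rule(line)]


if __name__ == "__main__":
    for i, line in enumerate(SAMPLE_LINES):
        gaps = missing_keywords(line)
        print(i, "MATCH" if not gaps else f"no match, missing {gaps}")
```

The keywords are evaluated per event, so a pipeline that splits the dispatcher's message across several records would not satisfy the rule.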
