Create web_cve_2021_22005_vmware_file_upload

2024-11-06 09:25:17 +00:00 · 2021-09-24 21:21:09 +07:00 · 2021-09-24 21:21:09 +07:00 · 16452ca80e
commit 16452ca80e
parent a7b237e6f3
1 changed files with 23 additions and 0 deletions
--- a/rules/web/web_cve_2021_22005_vmware_file_upload
+++ b/rules/web/web_cve_2021_22005_vmware_file_upload
@ -0,0 +1,23 @@
+title: VMware vCenter Server File Upload CVE-2021-22005
+id: b014ea07-8ea0-4859-b517-50a4e5b7ecec
+status: experimental
+description: Detects exploitation attempts using file upload vulnerability CVE-2021-22005 in the VMWare vCenter Server.
+author: Sittikorn S
+date: 2021/09/24
+references:
+    - https://kb.vmware.com/s/article/85717
+    - https://www.tenable.com/blog/cve-2021-22005-critical-file-upload-vulnerability-in-vmware-vcenter-server
+tags:
+    - attack.initial_access
+    - attack.t1190
+logsource:
+  category: webserver
+detection:
+    selection:
+        cs-method: 'POST'
+        c-uri|contains:
+            - '/analytics/telemetry/ph/api/hyper/send?'
+  condition: selection
+falsepositives:
+- Vulnerability Scanning/Pentesting
+level: high