mirror of
https://github.com/valitydev/SigmaHQ.git
synced 2024-11-06 09:25:17 +00:00
23 lines
740 B
YAML
23 lines
740 B
YAML
title: VMware vCenter Server File Upload CVE-2021-22005
|
|
id: b014ea07-8ea0-4859-b517-50a4e5b7ecec
|
|
status: experimental
|
|
description: Detects exploitation attempts using file upload vulnerability CVE-2021-22005 in the VMWare vCenter Server.
|
|
author: Sittikorn S
|
|
date: 2021/09/24
|
|
references:
|
|
- https://kb.vmware.com/s/article/85717
|
|
- https://www.tenable.com/blog/cve-2021-22005-critical-file-upload-vulnerability-in-vmware-vcenter-server
|
|
tags:
|
|
- attack.initial_access
|
|
- attack.t1190
|
|
logsource:
|
|
category: webserver
|
|
detection:
|
|
selection:
|
|
cs-method: 'POST'
|
|
c-uri|contains: '/analytics/telemetry/ph/api/hyper/send?'
|
|
condition: selection
|
|
falsepositives:
|
|
- Vulnerability Scanning/Pentesting
|
|
level: high
|