Emerging Threathightest

Potential Nimbuspwn Exploit CVE-2022-29799 and CVE-2022-27800

Detects potential exploitation attempts of Nimbuspwn vulnerabilities CVE-2022-29799 and CVE-2022-27800 in Linux systems.

Convert In Phoenix Studio

Open this Sigma rule in the converter with the YAML preloaded and ready for backend selection.

Launch

Bhabesh RajCreated Wed May 04Updated Mon Nov 037ba05b43-adad-4c02-b5e9-c8c35cdf9fa82022

Emerging Threat

Active Threat

Developed to detect an active or emerging threat. Prioritize investigation of any alerts and correlate with threat intelligence.

Log Source

Linux

ProductLinux← raw: linux

Detection Logic

detection:
    keywords:
        '|all':
            - 'networkd-dispatcher'
            - 'Error handling notification for interface'
            - '../../'
    condition: keywords

False Positives

Unknown

False positive likelihood has not been assessed. Additional context may be needed during triage.

References

MITRE ATT&CK

Tactics

TA0004 · Privilege Escalation

Techniques

T1068 · Exploitation for Privilege Escalation

Other

detection.emerging-threatscve.2022-29799cve.2022-27800

Rule Metadata

Rule ID

7ba05b43-adad-4c02-b5e9-c8c35cdf9fa8

Status

test

Level

high

Type

Emerging Threat

Created

Wed May 04

Modified

Mon Nov 03

Author

Bhabesh Raj

Path

rules-emerging-threats/2022/Exploits/CVE-2022-29799/lnx_exploit_cve_2022_27999_cve_2022_27800.yml

Raw Tags

attack.privilege-escalationattack.t1068detection.emerging-threatscve.2022-29799cve.2022-27800

View on GitHub