Emerging Threathightest

VMware vCenter Server File Upload CVE-2021-22005

Detects exploitation attempts using file upload vulnerability CVE-2021-22005 in the VMWare vCenter Server.

Convert In Phoenix Studio

Open this Sigma rule in the converter with the YAML preloaded and ready for backend selection.

Sittikorn SCreated Fri Sep 24Updated Mon Jan 02b014ea07-8ea0-4859-b517-50a4e5b7ecec2021

Emerging Threat

Active Threat

Developed to detect an active or emerging threat. Prioritize investigation of any alerts and correlate with threat intelligence.

Log Source

Web Server Log

CategoryWeb Server Log← raw: webserver

HTTP access logs from web servers capturing request paths, methods, and status codes.

Detection Logic

detection:
    selection:
        cs-method: 'POST'
        cs-uri-query|contains: '/analytics/telemetry/ph/api/hyper/send?'
    condition: selection

False Positives

Vulnerability Scanning

References

MITRE ATT&CK

Tactics

Techniques

Other

cve.2021-22005detection.emerging-threats

Rule Metadata

Rule ID

b014ea07-8ea0-4859-b517-50a4e5b7ecec

Status

test

Level

high

Type

Emerging Threat

Created

Fri Sep 24

Modified

Mon Jan 02

Author

Path

rules-emerging-threats/2021/Exploits/CVE-2021-22005/web_cve_2021_22005_vmware_file_upload.yml

Raw Tags

attack.initial-accessattack.t1190cve.2021-22005detection.emerging-threats