vpatch-CVE-2022-46169 AppSec Rule

« vpatch-CVE-2022-46169 »
v0.5 by crowdsecurity
AppSec rule

Cacti RCE (CVE-2022-46169)

Installation

cscli appsec-rules install crowdsecurity/vpatch-CVE-2022-46169

YAML Configuration

1name: crowdsecurity/vpatch-CVE-2022-46169
2description: "Cacti RCE (CVE-2022-46169)"
3rules:
4  - and:
5    - zones:
6      - URI
7      transform:
8      - lowercase
9      match:
10        type: endsWith
11        value: /remote_agent.php
12    - zones:
13      - ARGS
14      variables:
15      - poller_id
16      match:
17        type: regex
18        value: "[^a-zA-Z0-9_]"
19
20labels:
21  type: exploit
22  service: http
23  confidence: 3
24  spoofable: 0
25  behavior: "http:exploit"
26  label: "Cacti <=1.2.22 - RCE"
27  classification:
28   - cve.CVE-2022-46169
29   - attack.T1595
30   - attack.T1190
31   - cwe.CWE-74
32   - cwe.CWE-77
33   - cwe.CWE-78
34   - cwe.CWE-863

Hub Appsec rule

« vpatch-CVE-2022-46169 »v0.5 by crowdsecurityAppSec rule

« vpatch-CVE-2022-46169 »
v0.5 by crowdsecurity
AppSec rule