vpatch-CVE-2023-20198 AppSec Rule

« vpatch-CVE-2023-20198 »
v0.6 by crowdsecurity
AppSec rule

CISCO IOS XE Account Creation (CVE-2023-20198)

Installation

cscli appsec-rules install crowdsecurity/vpatch-CVE-2023-20198

YAML Configuration

1name: crowdsecurity/vpatch-CVE-2023-20198
2description: "CISCO IOS XE Account Creation (CVE-2023-20198)"
3rules:
4  - and:
5    - zones:
6      - URI
7      transform:
8      - lowercase
9      match:
10        type: endsWith
11        value: /%77ebui_wsma_https
12    - zones:
13      - METHOD
14      match:
15        type: equals
16        value: POST
17labels:
18  type: exploit
19  service: http
20  confidence: 3
21  spoofable: 0
22  behavior: "http:exploit"
23  label: "CISCO IOS XE account creation"
24  classification:
25   - cve.CVE-2023-20198
26   - attack.T1595
27   - attack.T1190
28   - cwe.CWE-287

Hub Appsec rule

« vpatch-CVE-2023-20198 »v0.6 by crowdsecurityAppSec rule

« vpatch-CVE-2023-20198 »
v0.6 by crowdsecurity
AppSec rule