vpatch-CVE-2024-0012 AppSec Rule

« vpatch-CVE-2024-0012 »
v0.1 by crowdsecurity
AppSec rule

PanOS - Authentication Bypass (CVE-2024-0012)

Installation

cscli appsec-rules install crowdsecurity/vpatch-CVE-2024-0012

YAML Configuration

1
2name: crowdsecurity/vpatch-CVE-2024-0012
3description: "PanOS - Authentication Bypass (CVE-2024-0012)"
4rules:
5  - and:
6    - zones:
7      - HEADERS
8      variables:
9       - x-pan-authcheck
10      transform:
11      - lowercase
12      match:
13        type: equals
14        value: off
15labels:
16  type: exploit
17  service: http
18  confidence: 3
19  spoofable: 0
20  behavior: "http:exploit"
21  label: "PanOS - Authentication Bypass"
22  classification:
23   - cve.CVE-2024-0012
24   - attack.T1595
25   - attack.T1190
26   - cwe.CWE-306

Hub Appsec rule

« vpatch-CVE-2024-0012 »v0.1 by crowdsecurityAppSec rule

« vpatch-CVE-2024-0012 »
v0.1 by crowdsecurity
AppSec rule