vpatch-CVE-2024-29973 AppSec Rule

« vpatch-CVE-2024-29973 »
v0.1 by crowdsecurity
AppSec rule

Zyxel - RCE (CVE-2024-29973)

Installation

cscli appsec-rules install crowdsecurity/vpatch-CVE-2024-29973

YAML Configuration

1name: crowdsecurity/vpatch-CVE-2024-29973
2description: "Zyxel - RCE (CVE-2024-29973)"
3rules:
4  - and:
5      - zones:
6          - URI
7        transform:
8          - lowercase
9        match:
10          type: equals
11          value: /cmd,/simzysh/register_main/setcookie
12      - zones:
13          - ARGS
14          - BODY_ARGS
15        variables:
16          - c0
17        transform:
18          - lowercase
19        match:
20          type: contains
21          value: "storage_ext_cgi"
22labels:
23  type: exploit
24  service: http
25  confidence: 3
26  spoofable: 0
27  behavior: "http:exploit"
28  label: "Zyxel - RCE"
29  classification:
30    - cve.CVE-2024-29973
31    - attack.T1595
32    - attack.T1190
33    - cwe.CWE-78
34

Hub Appsec rule

« vpatch-CVE-2024-29973 »v0.1 by crowdsecurityAppSec rule

« vpatch-CVE-2024-29973 »
v0.1 by crowdsecurity
AppSec rule