vpatch-CVE-2024-3272 AppSec Rule

« vpatch-CVE-2024-3272 »
v0.1 by crowdsecurity
AppSec rule

D-Link NAS - RCE (CVE-2024-3272)

Installation

cscli appsec-rules install crowdsecurity/vpatch-CVE-2024-3272

YAML Configuration

1name: crowdsecurity/vpatch-CVE-2024-3272
2description: " D-Link NAS - RCE (CVE-2024-3272)" #UPDATE THIS
3rules:
4  - and:
5      - zones:
6          - METHOD
7        match:
8          type: equals
9          value: GET
10      - zones:
11          - URI
12        transform:
13          - lowercase
14        match:
15          type: endsWith
16          value: /cgi-bin/nas_sharing.cgi
17      - zones:
18          - ARGS
19        variables:
20          - cmd
21        transform:
22          - lowercase
23        match:
24          type: equals
25          value: "15"
26      - zones:
27          - ARGS_NAMES
28        match:
29          type: equals
30          value: system
31labels:
32  type: exploit
33  service: http
34  confidence: 3
35  spoofable: 0
36  behavior: "http:exploit"
37  label: " D-Link NAS - RCE" #UPDATE THIS
38  classification:
39    - cve.CVE-2024-3272
40    - attack.T1595
41    - attack.T1190
42    - cwe.CWE-287
43

Hub Appsec rule

« vpatch-CVE-2024-3272 »v0.1 by crowdsecurityAppSec rule

« vpatch-CVE-2024-3272 »
v0.1 by crowdsecurity
AppSec rule