vpatch-CVE-2024-9474 AppSec Rule

« vpatch-CVE-2024-9474 »
v0.3 by crowdsecurity
AppSec rule

PanOS - Privilege Escalation (CVE-2024-9474)

Installation

cscli appsec-rules install crowdsecurity/vpatch-CVE-2024-9474

YAML Configuration

1
2name: crowdsecurity/vpatch-CVE-2024-9474
3description: "PanOS - Privilege Escalation (CVE-2024-9474)"
4rules:
5  - and:
6    - zones:
7      - METHOD
8      match:
9        type: equals
10        value: POST
11    - zones:
12      - URI
13      transform:
14      - lowercase
15      match:
16        type: contains
17        value: /php/utils/createremoteappwebsession.php/
18    - zones:
19       - URI
20      transform:
21        - lowercase
22      match:
23        type: endsWith
24        value: .js.map
25    - zones:
26      - BODY_ARGS
27      variables:
28       - user
29      transform:
30      - lowercase
31      match:
32        type: regex
33        value: "[$;|&`>]"
34labels:
35  type: exploit
36  service: http
37  confidence: 3
38  spoofable: 0
39  behavior: "http:exploit"
40  label: "PanOS - Privilege Escalation (CVE-2024-9474)"
41  classification:
42   - cve.CVE-2024-9474
43   - attack.T1595
44   - attack.T1190
45   - cwe.CWE-78
46

Hub Appsec rule

« vpatch-CVE-2024-9474 »v0.3 by crowdsecurityAppSec rule

« vpatch-CVE-2024-9474 »
v0.3 by crowdsecurity
AppSec rule