Hub configuration

More info

CVE-2021-4034 Scenario

« `pkexec` CVE-2021-4034 »
v0.2 by crowdsecurity / CVE-2021-4034
Attack scenariolinuxNot spoofableHigh confidence

Detect CVE-2021-4034 exploits

Installation

cscli scenarios install crowdsecurity/CVE-2021-4034

Description

Detects exploit of CVE-2021-4034 pkexec vulnerability.

⚠️ Smart attackers can exploit this vulnerability without leaving traces in logs

YAML Configuration

1type: trigger
2#debug: true
3name: crowdsecurity/CVE-2021-4034
4description: "Detect CVE-2021-4034 exploits"
5filter: evt.Meta.log_type == 'CVE-2021-4034-xpl'
6groupby: evt.Meta.target_user
7blackhole: 1m
8labels:
9  type: privesc
10  classification:
11    - attack.T1548
12    - cve.CVE-2021-4034
13  behavior: "generic:exploit"
14  spoofable: 0
15  confidence: 3
16  service: linux
17  label: "`pkexec` CVE-2021-4034"
18scope:
19  type: system_account
20  expression: evt.Meta.target_user
21

Hub configuration

« `pkexec` CVE-2021-4034 »v0.2 by crowdsecurity / CVE-2021-4034Attack scenarioCVE-2021-4034LinuxlinuxNot spoofableHigh confidenceMITRE:T1548

« `pkexec` CVE-2021-4034 »
v0.2 by crowdsecurity / CVE-2021-4034
Attack scenariolinuxNot spoofableHigh confidence