From 1ae80a9aa96ed4fbaffdc646a7ec64981c4d3546 Mon Sep 17 00:00:00 2001 From: David Date: Mon, 18 Nov 2024 15:37:09 +0000 Subject: [PATCH 1/3] vpatch-CVE-2024-7593 --- .../vpatch-CVE-2024-7593/config.yaml | 5 ++ .../test-CVE-2024-7593.yaml | 22 ++++++ .../crowdsecurity/vpatch-CVE-2024-7593.yaml | 76 +++++++++++++++++++ .../appsec-virtual-patching.yaml | 1 + 4 files changed, 104 insertions(+) create mode 100644 .appsec-tests/vpatch-CVE-2024-7593/config.yaml create mode 100644 .appsec-tests/vpatch-CVE-2024-7593/test-CVE-2024-7593.yaml create mode 100644 appsec-rules/crowdsecurity/vpatch-CVE-2024-7593.yaml diff --git a/.appsec-tests/vpatch-CVE-2024-7593/config.yaml b/.appsec-tests/vpatch-CVE-2024-7593/config.yaml new file mode 100644 index 0000000000..3d2944f525 --- /dev/null +++ b/.appsec-tests/vpatch-CVE-2024-7593/config.yaml @@ -0,0 +1,5 @@ + +appsec-rules: +- ./appsec-rules/crowdsecurity/base-config.yaml +- ./appsec-rules/crowdsecurity/vpatch-CVE-2024-7593.yaml +nuclei_template: test-CVE-2024-7593.yaml diff --git a/.appsec-tests/vpatch-CVE-2024-7593/test-CVE-2024-7593.yaml b/.appsec-tests/vpatch-CVE-2024-7593/test-CVE-2024-7593.yaml new file mode 100644 index 0000000000..3270a5fbf3 --- /dev/null +++ b/.appsec-tests/vpatch-CVE-2024-7593/test-CVE-2024-7593.yaml @@ -0,0 +1,22 @@ + +id: test-CVE-2024-7593 +info: + name: test-CVE-2024-7593 + author: crowdsec + severity: info + description: test-CVE-2024-7593 testing + tags: appsec-testing +http: + - raw: + - | + POST /apps/zxtm/wizard.fcgi?error=1§ion=Access+Management%3ALocalUsers HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + + _form_submitted=form&create_user=Create&group=admin&newusername=testuser&password1=testpass&password2=testpass + cookie-reuse: true + matchers: + - type: status + status: + - 403 + diff --git a/appsec-rules/crowdsecurity/vpatch-CVE-2024-7593.yaml b/appsec-rules/crowdsecurity/vpatch-CVE-2024-7593.yaml new file mode 100644 index 0000000000..0187dc67d4 --- /dev/null +++ b/appsec-rules/crowdsecurity/vpatch-CVE-2024-7593.yaml @@ -0,0 +1,76 @@ +name: crowdsecurity/vpatch-CVE-2024-7593 +description: "Ivanti vTM - Authentication Bypass (CVE-2024-7593)" +rules: + - and: + - zones: + - METHOD + match: + type: equals + value: POST + - zones: + - URI + transform: + - lowercase + match: + type: endsWith + value: /apps/zxtm/wizard.fcgi + - zones: + - ARGS + variables: + - section + transform: + - lowercase + - urldecode + match: + type: equals + value: "access management:localusers" + - zones: + - ARGS + variables: + - error + transform: + - lowercase + match: + type: equals + value: 1 + - zones: + - BODY_ARGS + variables: + - create_user + match: + type: equals + value: Create + - zones: + - BODY_ARGS + variables: + - group + match: + type: equals + value: admin + - zones: + - BODY_ARGS + variables: + - newusername + match: + type: regex + value: ^.*$ + - zones: + - BODY_ARGS + variables: + - password1 + match: + type: regex + value: ^.*$ + +labels: + type: exploit + service: http + confidence: 3 + spoofable: 0 + behavior: "http:exploit" + label: "Ivanti vTM - Authentication Bypass" + classification: + - cve.CVE-2024-7593 + - attack.T1190 + - cwe.CWE-287 + - cwe.CWE-303 \ No newline at end of file diff --git a/collections/crowdsecurity/appsec-virtual-patching.yaml b/collections/crowdsecurity/appsec-virtual-patching.yaml index 6b9c79d925..c00559a2db 100644 --- a/collections/crowdsecurity/appsec-virtual-patching.yaml +++ b/collections/crowdsecurity/appsec-virtual-patching.yaml @@ -71,6 +71,7 @@ appsec-rules: - crowdsecurity/vpatch-CVE-2024-51567 - crowdsecurity/vpatch-CVE-2024-27956 - crowdsecurity/vpatch-CVE-2024-27954 +- crowdsecurity/vpatch-CVE-2024-7593 author: crowdsecurity contexts: - crowdsecurity/appsec_base From c010c31e746e8f8de13bc5ecfb4f32b861b3b69d Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Mon, 18 Nov 2024 15:38:00 +0000 Subject: [PATCH 2/3] Update index --- .index.json | 38 +++++++++++++++++++++++++++++++++++--- 1 file changed, 35 insertions(+), 3 deletions(-) diff --git a/.index.json b/.index.json index 56e143402f..5f0bc809aa 100644 --- a/.index.json +++ b/.index.json @@ -2532,6 +2532,33 @@ "type": "exploit" } }, + "crowdsecurity/vpatch-CVE-2024-7593": { + "path": "appsec-rules/crowdsecurity/vpatch-CVE-2024-7593.yaml", + "version": "0.1", + "versions": { + "0.1": { + "digest": "150dab77481d68e06e7c1214584d7724a66249394fcf72e493880a541fb59517", + "deprecated": false + } + }, + "content": "bmFtZTogY3Jvd2RzZWN1cml0eS92cGF0Y2gtQ1ZFLTIwMjQtNzU5MwpkZXNjcmlwdGlvbjogIkl2YW50aSB2VE0gLSBBdXRoZW50aWNhdGlvbiBCeXBhc3MgKENWRS0yMDI0LTc1OTMpIgpydWxlczoKICAtIGFuZDoKICAgIC0gem9uZXM6CiAgICAgICAgLSBNRVRIT0QKICAgICAgbWF0Y2g6CiAgICAgICAgdHlwZTogZXF1YWxzCiAgICAgICAgdmFsdWU6IFBPU1QKICAgIC0gem9uZXM6CiAgICAgICAgLSBVUkkKICAgICAgdHJhbnNmb3JtOgogICAgICAgIC0gbG93ZXJjYXNlCiAgICAgIG1hdGNoOgogICAgICAgIHR5cGU6IGVuZHNXaXRoCiAgICAgICAgdmFsdWU6IC9hcHBzL3p4dG0vd2l6YXJkLmZjZ2kKICAgIC0gem9uZXM6CiAgICAgICAgLSBBUkdTCiAgICAgIHZhcmlhYmxlczoKICAgICAgICAtIHNlY3Rpb24KICAgICAgdHJhbnNmb3JtOgogICAgICAgIC0gbG93ZXJjYXNlCiAgICAgICAgLSB1cmxkZWNvZGUKICAgICAgbWF0Y2g6CiAgICAgICAgdHlwZTogZXF1YWxzCiAgICAgICAgdmFsdWU6ICJhY2Nlc3MgbWFuYWdlbWVudDpsb2NhbHVzZXJzIgogICAgLSB6b25lczoKICAgICAgICAtIEFSR1MKICAgICAgdmFyaWFibGVzOgogICAgICAgIC0gZXJyb3IKICAgICAgdHJhbnNmb3JtOgogICAgICAgIC0gbG93ZXJjYXNlCiAgICAgIG1hdGNoOgogICAgICAgIHR5cGU6IGVxdWFscwogICAgICAgIHZhbHVlOiAxCiAgICAtIHpvbmVzOgogICAgICAgIC0gQk9EWV9BUkdTCiAgICAgIHZhcmlhYmxlczoKICAgICAgICAtIGNyZWF0ZV91c2VyCiAgICAgIG1hdGNoOgogICAgICAgIHR5cGU6IGVxdWFscwogICAgICAgIHZhbHVlOiBDcmVhdGUKICAgIC0gem9uZXM6CiAgICAgICAgLSBCT0RZX0FSR1MKICAgICAgdmFyaWFibGVzOgogICAgICAgIC0gZ3JvdXAKICAgICAgbWF0Y2g6CiAgICAgICAgdHlwZTogZXF1YWxzCiAgICAgICAgdmFsdWU6IGFkbWluCiAgICAtIHpvbmVzOgogICAgICAgIC0gQk9EWV9BUkdTCiAgICAgIHZhcmlhYmxlczoKICAgICAgICAtIG5ld3VzZXJuYW1lCiAgICAgIG1hdGNoOgogICAgICAgIHR5cGU6IHJlZ2V4CiAgICAgICAgdmFsdWU6IF4uKiQKICAgIC0gem9uZXM6CiAgICAgICAgLSBCT0RZX0FSR1MKICAgICAgdmFyaWFibGVzOgogICAgICAgIC0gcGFzc3dvcmQxCiAgICAgIG1hdGNoOgogICAgICAgIHR5cGU6IHJlZ2V4CiAgICAgICAgdmFsdWU6IF4uKiQKCmxhYmVsczoKICB0eXBlOiBleHBsb2l0CiAgc2VydmljZTogaHR0cAogIGNvbmZpZGVuY2U6IDMKICBzcG9vZmFibGU6IDAKICBiZWhhdmlvcjogImh0dHA6ZXhwbG9pdCIKICBsYWJlbDogIkl2YW50aSB2VE0gLSBBdXRoZW50aWNhdGlvbiBCeXBhc3MiCiAgY2xhc3NpZmljYXRpb246CiAgICAtIGN2ZS5DVkUtMjAyNC03NTkzCiAgICAtIGF0dGFjay5UMTE5MAogICAgLSBjd2UuQ1dFLTI4NwogICAgLSBjd2UuQ1dFLTMwMw==", + "description": "Ivanti vTM - Authentication Bypass (CVE-2024-7593)", + "author": "crowdsecurity", + "labels": { + "behavior": "http:exploit", + "classification": [ + "cve.CVE-2024-7593", + "attack.T1190", + "cwe.CWE-287", + "cwe.CWE-303" + ], + "confidence": 3, + "label": "Ivanti vTM - Authentication Bypass", + "service": "http", + "spoofable": 0, + "type": "exploit" + } + }, "crowdsecurity/vpatch-CVE-2024-8190": { "path": "appsec-rules/crowdsecurity/vpatch-CVE-2024-8190.yaml", "version": "0.1", @@ -3430,7 +3457,7 @@ }, "crowdsecurity/appsec-virtual-patching": { "path": "collections/crowdsecurity/appsec-virtual-patching.yaml", - "version": "4.4", + "version": "4.5", "versions": { "0.1": { "digest": "a165d638c8d826a932e4ca4e70ec5379d558a0bee1356e871c7c92cc2df714fc", @@ -3607,10 +3634,14 @@ "4.4": { "digest": "ba304a73baf21c9d547dbf7dbb7507173b3ad5ec139cbb762cb13fc78819278f", "deprecated": false + }, + "4.5": { + "digest": "bfce012a429960e8b86fe77fb8fd3c30e7054132d9736f9af116436e84255775", + "deprecated": false } }, "long_description": "IyBBcHBTZWMgVmlydHVhbCBQYXRjaGluZwoKVGhpcyBjb2xsZWN0aW9uIGNvbnRhaW5zIHZpcnR1YWwgcGF0Y2hpbmcgZm9yIGNvbW1vbmx5IGV4cGxvaXRlZCB2dWxuZXJhYmlsaXRpZXMsIGFuZCBpcyBpbnNwaXJlZCBieSB0aGUgW0NJU0EgS25vd24gRXhwbG9pdGVkIFZ1bG5lcmFiaWxpdGllcyBDYXRhbG9nXShodHRwczovL3d3dy5jaXNhLmdvdi9rbm93bi1leHBsb2l0ZWQtdnVsbmVyYWJpbGl0aWVzLWNhdGFsb2cpLiBUaGUgZ29hbCBpcyB0byBwcm92aWRlIHZpcnR1YWwgcGF0Y2hpbmcgY2FwYWJpbGl0aWVzIGZvciB0aGUgbW9zdCBvZnRlbiBleHBsb2l0ZWQgdnVsbmVyYWJpbGl0aWVzLCBhdm9pZGluZyBmYWxzZSBwb3NpdGl2ZXMgd2hpbGUgY2F0Y2hpbmcgcGVvcGxlIHNjb3V0aW5nIHlvdXIgYXBwbGljYXRpb25zIGZvciBqdWljeSB2dWxuZXJhYmlsaXRpZXMuCg==", - "content": "YXBwc2VjLWNvbmZpZ3M6Ci0gY3Jvd2RzZWN1cml0eS92aXJ0dWFsLXBhdGNoaW5nCi0gY3Jvd2RzZWN1cml0eS9hcHBzZWMtZGVmYXVsdAphcHBzZWMtcnVsZXM6Ci0gY3Jvd2RzZWN1cml0eS9iYXNlLWNvbmZpZwotIGNyb3dkc2VjdXJpdHkvdnBhdGNoLWVudi1hY2Nlc3MKLSBjcm93ZHNlY3VyaXR5L3ZwYXRjaC1DVkUtMjAyMy00MDA0NAotIGNyb3dkc2VjdXJpdHkvdnBhdGNoLUNWRS0yMDE3LTk4NDEKLSBjcm93ZHNlY3VyaXR5L3ZwYXRjaC1DVkUtMjAyMC0xMTczOAotIGNyb3dkc2VjdXJpdHkvdnBhdGNoLUNWRS0yMDIyLTI3OTI2Ci0gY3Jvd2RzZWN1cml0eS92cGF0Y2gtQ1ZFLTIwMjItMzU5MTQKLSBjcm93ZHNlY3VyaXR5L3ZwYXRjaC1DVkUtMjAyMi00NjE2OQotIGNyb3dkc2VjdXJpdHkvdnBhdGNoLUNWRS0yMDIzLTIwMTk4Ci0gY3Jvd2RzZWN1cml0eS92cGF0Y2gtQ1ZFLTIwMjMtMjI1MTUKLSBjcm93ZHNlY3VyaXR5L3ZwYXRjaC1DVkUtMjAyMy0zMzYxNwotIGNyb3dkc2VjdXJpdHkvdnBhdGNoLUNWRS0yMDIzLTM0MzYyCi0gY3Jvd2RzZWN1cml0eS92cGF0Y2gtQ1ZFLTIwMjMtMzUxOQotIGNyb3dkc2VjdXJpdHkvdnBhdGNoLUNWRS0yMDIzLTQyNzkzCi0gY3Jvd2RzZWN1cml0eS92cGF0Y2gtQ1ZFLTIwMjMtNTAxNjQKLSBjcm93ZHNlY3VyaXR5L3ZwYXRjaC1DVkUtMjAyMy0zODIwNQotIGNyb3dkc2VjdXJpdHkvdnBhdGNoLUNWRS0yMDIzLTI0NDg5Ci0gY3Jvd2RzZWN1cml0eS92cGF0Y2gtQ1ZFLTIwMjEtMzEyOQotIGNyb3dkc2VjdXJpdHkvdnBhdGNoLUNWRS0yMDIxLTIyOTQxCi0gY3Jvd2RzZWN1cml0eS92cGF0Y2gtQ1ZFLTIwMTktMTI5ODkKLSBjcm93ZHNlY3VyaXR5L3ZwYXRjaC1DVkUtMjAyMi00NDg3NwotIGNyb3dkc2VjdXJpdHkvdnBhdGNoLUNWRS0yMDE4LTEwNTYyCi0gY3Jvd2RzZWN1cml0eS92cGF0Y2gtQ1ZFLTIwMjMtNjU1MwotIGNyb3dkc2VjdXJpdHkvdnBhdGNoLUNWRS0yMDE4LTEwMDA4NjEKLSBjcm93ZHNlY3VyaXR5L3ZwYXRjaC1DVkUtMjAxOS0xMDAzMDMwCi0gY3Jvd2RzZWN1cml0eS92cGF0Y2gtQ1ZFLTIwMjItMjI5NjUKLSBjcm93ZHNlY3VyaXR5L3ZwYXRjaC1DVkUtMjAyMy0yMzc1MgotIGNyb3dkc2VjdXJpdHkvdnBhdGNoLUNWRS0yMDIzLTQ5MDcwCi0gY3Jvd2RzZWN1cml0eS92cGF0Y2gtbGFyYXZlbC1kZWJ1Zy1tb2RlCi0gY3Jvd2RzZWN1cml0eS92cGF0Y2gtQ1ZFLTIwMjMtMjgxMjEKLSBjcm93ZHNlY3VyaXR5L3ZwYXRjaC1DVkUtMjAyMC0xNzQ5NgotIGNyb3dkc2VjdXJpdHkvdnBhdGNoLUNWRS0yMDIzLTEzODkKLSBjcm93ZHNlY3VyaXR5L3ZwYXRjaC1DVkUtMjAyMy03MDI4Ci0gY3Jvd2RzZWN1cml0eS92cGF0Y2gtQ1ZFLTIwMjMtNDY4MDUKLSBjcm93ZHNlY3VyaXR5L3ZwYXRjaC1DVkUtMjAyNC0yMzg5NwotIGNyb3dkc2VjdXJpdHkvdnBhdGNoLUNWRS0yMDIzLTIyNTI3Ci0gY3Jvd2RzZWN1cml0eS92cGF0Y2gtQ1ZFLTIwMjMtMzUwNzgKLSBjcm93ZHNlY3VyaXR5L3ZwYXRjaC1DVkUtMjAyMy0zNTA4MgotIGNyb3dkc2VjdXJpdHkvdnBhdGNoLUNWRS0yMDIyLTIyOTU0Ci0gY3Jvd2RzZWN1cml0eS92cGF0Y2gtQ1ZFLTIwMjQtMTIxMgotIGNyb3dkc2VjdXJpdHkvdnBhdGNoLXN5bWZvbnktcHJvZmlsZXIKLSBjcm93ZHNlY3VyaXR5L3ZwYXRjaC1jb25uZWN0d2lzZS1hdXRoLWJ5cGFzcwotIGNyb3dkc2VjdXJpdHkvdnBhdGNoLUNWRS0yMDI0LTIyMDI0Ci0gY3Jvd2RzZWN1cml0eS92cGF0Y2gtQ1ZFLTIwMjQtMjcxOTgKLSBjcm93ZHNlY3VyaXR5L3ZwYXRjaC1DVkUtMjAyNC0zMjczCi0gY3Jvd2RzZWN1cml0eS92cGF0Y2gtQ1ZFLTIwMjQtNDU3NwotIGNyb3dkc2VjdXJpdHkvdnBhdGNoLUNWRS0yMDI0LTI5ODQ5Ci0gY3Jvd2RzZWN1cml0eS92cGF0Y2gtQ1ZFLTIwMjMtNDcyMTgKLSBjcm93ZHNlY3VyaXR5L3ZwYXRjaC1naXQtY29uZmlnCi0gY3Jvd2RzZWN1cml0eS92cGF0Y2gtQ1ZFLTIwMjQtMzIxMTMKLSBjcm93ZHNlY3VyaXR5L3ZwYXRjaC1DVkUtMjAyNC0zMjcyCi0gY3Jvd2RzZWN1cml0eS92cGF0Y2gtQ1ZFLTIwMjQtMjgyNTUKLSBjcm93ZHNlY3VyaXR5L3ZwYXRjaC1DVkUtMjAyNC0yOTgyNAotIGNyb3dkc2VjdXJpdHkvdnBhdGNoLUNWRS0yMDI0LTI3MzQ4Ci0gY3Jvd2RzZWN1cml0eS92cGF0Y2gtQ1ZFLTIwMjAtNTkwMgotIGNyb3dkc2VjdXJpdHkvdnBhdGNoLUNWRS0yMDE4LTEzMzc5Ci0gY3Jvd2RzZWN1cml0eS92cGF0Y2gtQ1ZFLTIwMjItMjYxMzQKLSBjcm93ZHNlY3VyaXR5L3ZwYXRjaC1DVkUtMjAyNC0zNDEwMgotIGNyb3dkc2VjdXJpdHkvdnBhdGNoLUNWRS0yMDI0LTI5OTczCi0gY3Jvd2RzZWN1cml0eS92cGF0Y2gtQ1ZFLTIwMjItNDEwODIKLSBjcm93ZHNlY3VyaXR5L3ZwYXRjaC1DVkUtMjAxOS0xODkzNQotIGNyb3dkc2VjdXJpdHkvdnBhdGNoLUNWRS0yMDI0LTgxOTAKLSBjcm93ZHNlY3VyaXR5L3ZwYXRjaC1DVkUtMjAyNC0yODk4NwotIGNyb3dkc2VjdXJpdHkvdnBhdGNoLUNWRS0yMDI0LTM4ODU2Ci0gY3Jvd2RzZWN1cml0eS92cGF0Y2gtQ1ZFLTIwMTgtMjAwNjIKLSBjcm93ZHNlY3VyaXR5L3ZwYXRjaC1DVkUtMjAyMS0yNjA4NgotIGNyb3dkc2VjdXJpdHkvdnBhdGNoLUNWRS0yMDI0LTUxNTY3Ci0gY3Jvd2RzZWN1cml0eS92cGF0Y2gtQ1ZFLTIwMjQtMjc5NTYKLSBjcm93ZHNlY3VyaXR5L3ZwYXRjaC1DVkUtMjAyNC0yNzk1NAphdXRob3I6IGNyb3dkc2VjdXJpdHkKY29udGV4dHM6Ci0gY3Jvd2RzZWN1cml0eS9hcHBzZWNfYmFzZQpkZXNjcmlwdGlvbjogYSBnZW5lcmljIHZpcnR1YWwgcGF0Y2hpbmcgY29sbGVjdGlvbiwgc3VpdGFibGUgZm9yIG1vc3Qgd2ViIHNlcnZlcnMuCm5hbWU6IGNyb3dkc2VjdXJpdHkvYXBwc2VjLXZpcnR1YWwtcGF0Y2hpbmcKcGFyc2VyczoKLSBjcm93ZHNlY3VyaXR5L2FwcHNlYy1sb2dzCnNjZW5hcmlvczoKLSBjcm93ZHNlY3VyaXR5L2FwcHNlYy12cGF0Y2gK", + "content": "YXBwc2VjLWNvbmZpZ3M6Ci0gY3Jvd2RzZWN1cml0eS92aXJ0dWFsLXBhdGNoaW5nCi0gY3Jvd2RzZWN1cml0eS9hcHBzZWMtZGVmYXVsdAphcHBzZWMtcnVsZXM6Ci0gY3Jvd2RzZWN1cml0eS9iYXNlLWNvbmZpZwotIGNyb3dkc2VjdXJpdHkvdnBhdGNoLWVudi1hY2Nlc3MKLSBjcm93ZHNlY3VyaXR5L3ZwYXRjaC1DVkUtMjAyMy00MDA0NAotIGNyb3dkc2VjdXJpdHkvdnBhdGNoLUNWRS0yMDE3LTk4NDEKLSBjcm93ZHNlY3VyaXR5L3ZwYXRjaC1DVkUtMjAyMC0xMTczOAotIGNyb3dkc2VjdXJpdHkvdnBhdGNoLUNWRS0yMDIyLTI3OTI2Ci0gY3Jvd2RzZWN1cml0eS92cGF0Y2gtQ1ZFLTIwMjItMzU5MTQKLSBjcm93ZHNlY3VyaXR5L3ZwYXRjaC1DVkUtMjAyMi00NjE2OQotIGNyb3dkc2VjdXJpdHkvdnBhdGNoLUNWRS0yMDIzLTIwMTk4Ci0gY3Jvd2RzZWN1cml0eS92cGF0Y2gtQ1ZFLTIwMjMtMjI1MTUKLSBjcm93ZHNlY3VyaXR5L3ZwYXRjaC1DVkUtMjAyMy0zMzYxNwotIGNyb3dkc2VjdXJpdHkvdnBhdGNoLUNWRS0yMDIzLTM0MzYyCi0gY3Jvd2RzZWN1cml0eS92cGF0Y2gtQ1ZFLTIwMjMtMzUxOQotIGNyb3dkc2VjdXJpdHkvdnBhdGNoLUNWRS0yMDIzLTQyNzkzCi0gY3Jvd2RzZWN1cml0eS92cGF0Y2gtQ1ZFLTIwMjMtNTAxNjQKLSBjcm93ZHNlY3VyaXR5L3ZwYXRjaC1DVkUtMjAyMy0zODIwNQotIGNyb3dkc2VjdXJpdHkvdnBhdGNoLUNWRS0yMDIzLTI0NDg5Ci0gY3Jvd2RzZWN1cml0eS92cGF0Y2gtQ1ZFLTIwMjEtMzEyOQotIGNyb3dkc2VjdXJpdHkvdnBhdGNoLUNWRS0yMDIxLTIyOTQxCi0gY3Jvd2RzZWN1cml0eS92cGF0Y2gtQ1ZFLTIwMTktMTI5ODkKLSBjcm93ZHNlY3VyaXR5L3ZwYXRjaC1DVkUtMjAyMi00NDg3NwotIGNyb3dkc2VjdXJpdHkvdnBhdGNoLUNWRS0yMDE4LTEwNTYyCi0gY3Jvd2RzZWN1cml0eS92cGF0Y2gtQ1ZFLTIwMjMtNjU1MwotIGNyb3dkc2VjdXJpdHkvdnBhdGNoLUNWRS0yMDE4LTEwMDA4NjEKLSBjcm93ZHNlY3VyaXR5L3ZwYXRjaC1DVkUtMjAxOS0xMDAzMDMwCi0gY3Jvd2RzZWN1cml0eS92cGF0Y2gtQ1ZFLTIwMjItMjI5NjUKLSBjcm93ZHNlY3VyaXR5L3ZwYXRjaC1DVkUtMjAyMy0yMzc1MgotIGNyb3dkc2VjdXJpdHkvdnBhdGNoLUNWRS0yMDIzLTQ5MDcwCi0gY3Jvd2RzZWN1cml0eS92cGF0Y2gtbGFyYXZlbC1kZWJ1Zy1tb2RlCi0gY3Jvd2RzZWN1cml0eS92cGF0Y2gtQ1ZFLTIwMjMtMjgxMjEKLSBjcm93ZHNlY3VyaXR5L3ZwYXRjaC1DVkUtMjAyMC0xNzQ5NgotIGNyb3dkc2VjdXJpdHkvdnBhdGNoLUNWRS0yMDIzLTEzODkKLSBjcm93ZHNlY3VyaXR5L3ZwYXRjaC1DVkUtMjAyMy03MDI4Ci0gY3Jvd2RzZWN1cml0eS92cGF0Y2gtQ1ZFLTIwMjMtNDY4MDUKLSBjcm93ZHNlY3VyaXR5L3ZwYXRjaC1DVkUtMjAyNC0yMzg5NwotIGNyb3dkc2VjdXJpdHkvdnBhdGNoLUNWRS0yMDIzLTIyNTI3Ci0gY3Jvd2RzZWN1cml0eS92cGF0Y2gtQ1ZFLTIwMjMtMzUwNzgKLSBjcm93ZHNlY3VyaXR5L3ZwYXRjaC1DVkUtMjAyMy0zNTA4MgotIGNyb3dkc2VjdXJpdHkvdnBhdGNoLUNWRS0yMDIyLTIyOTU0Ci0gY3Jvd2RzZWN1cml0eS92cGF0Y2gtQ1ZFLTIwMjQtMTIxMgotIGNyb3dkc2VjdXJpdHkvdnBhdGNoLXN5bWZvbnktcHJvZmlsZXIKLSBjcm93ZHNlY3VyaXR5L3ZwYXRjaC1jb25uZWN0d2lzZS1hdXRoLWJ5cGFzcwotIGNyb3dkc2VjdXJpdHkvdnBhdGNoLUNWRS0yMDI0LTIyMDI0Ci0gY3Jvd2RzZWN1cml0eS92cGF0Y2gtQ1ZFLTIwMjQtMjcxOTgKLSBjcm93ZHNlY3VyaXR5L3ZwYXRjaC1DVkUtMjAyNC0zMjczCi0gY3Jvd2RzZWN1cml0eS92cGF0Y2gtQ1ZFLTIwMjQtNDU3NwotIGNyb3dkc2VjdXJpdHkvdnBhdGNoLUNWRS0yMDI0LTI5ODQ5Ci0gY3Jvd2RzZWN1cml0eS92cGF0Y2gtQ1ZFLTIwMjMtNDcyMTgKLSBjcm93ZHNlY3VyaXR5L3ZwYXRjaC1naXQtY29uZmlnCi0gY3Jvd2RzZWN1cml0eS92cGF0Y2gtQ1ZFLTIwMjQtMzIxMTMKLSBjcm93ZHNlY3VyaXR5L3ZwYXRjaC1DVkUtMjAyNC0zMjcyCi0gY3Jvd2RzZWN1cml0eS92cGF0Y2gtQ1ZFLTIwMjQtMjgyNTUKLSBjcm93ZHNlY3VyaXR5L3ZwYXRjaC1DVkUtMjAyNC0yOTgyNAotIGNyb3dkc2VjdXJpdHkvdnBhdGNoLUNWRS0yMDI0LTI3MzQ4Ci0gY3Jvd2RzZWN1cml0eS92cGF0Y2gtQ1ZFLTIwMjAtNTkwMgotIGNyb3dkc2VjdXJpdHkvdnBhdGNoLUNWRS0yMDE4LTEzMzc5Ci0gY3Jvd2RzZWN1cml0eS92cGF0Y2gtQ1ZFLTIwMjItMjYxMzQKLSBjcm93ZHNlY3VyaXR5L3ZwYXRjaC1DVkUtMjAyNC0zNDEwMgotIGNyb3dkc2VjdXJpdHkvdnBhdGNoLUNWRS0yMDI0LTI5OTczCi0gY3Jvd2RzZWN1cml0eS92cGF0Y2gtQ1ZFLTIwMjItNDEwODIKLSBjcm93ZHNlY3VyaXR5L3ZwYXRjaC1DVkUtMjAxOS0xODkzNQotIGNyb3dkc2VjdXJpdHkvdnBhdGNoLUNWRS0yMDI0LTgxOTAKLSBjcm93ZHNlY3VyaXR5L3ZwYXRjaC1DVkUtMjAyNC0yODk4NwotIGNyb3dkc2VjdXJpdHkvdnBhdGNoLUNWRS0yMDI0LTM4ODU2Ci0gY3Jvd2RzZWN1cml0eS92cGF0Y2gtQ1ZFLTIwMTgtMjAwNjIKLSBjcm93ZHNlY3VyaXR5L3ZwYXRjaC1DVkUtMjAyMS0yNjA4NgotIGNyb3dkc2VjdXJpdHkvdnBhdGNoLUNWRS0yMDI0LTUxNTY3Ci0gY3Jvd2RzZWN1cml0eS92cGF0Y2gtQ1ZFLTIwMjQtMjc5NTYKLSBjcm93ZHNlY3VyaXR5L3ZwYXRjaC1DVkUtMjAyNC0yNzk1NAotIGNyb3dkc2VjdXJpdHkvdnBhdGNoLUNWRS0yMDI0LTc1OTMKYXV0aG9yOiBjcm93ZHNlY3VyaXR5CmNvbnRleHRzOgotIGNyb3dkc2VjdXJpdHkvYXBwc2VjX2Jhc2UKZGVzY3JpcHRpb246IGEgZ2VuZXJpYyB2aXJ0dWFsIHBhdGNoaW5nIGNvbGxlY3Rpb24sIHN1aXRhYmxlIGZvciBtb3N0IHdlYiBzZXJ2ZXJzLgpuYW1lOiBjcm93ZHNlY3VyaXR5L2FwcHNlYy12aXJ0dWFsLXBhdGNoaW5nCnBhcnNlcnM6Ci0gY3Jvd2RzZWN1cml0eS9hcHBzZWMtbG9ncwpzY2VuYXJpb3M6Ci0gY3Jvd2RzZWN1cml0eS9hcHBzZWMtdnBhdGNoCg==", "description": "a generic virtual patching collection, suitable for most web servers.", "author": "crowdsecurity", "labels": null, @@ -3689,7 +3720,8 @@ "crowdsecurity/vpatch-CVE-2021-26086", "crowdsecurity/vpatch-CVE-2024-51567", "crowdsecurity/vpatch-CVE-2024-27956", - "crowdsecurity/vpatch-CVE-2024-27954" + "crowdsecurity/vpatch-CVE-2024-27954", + "crowdsecurity/vpatch-CVE-2024-7593" ], "appsec-configs": [ "crowdsecurity/virtual-patching", From de76946367f04c761705186eb6c6154576427cdf Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Mon, 18 Nov 2024 15:38:01 +0000 Subject: [PATCH 3/3] Update taxonomy --- taxonomy/scenarios.json | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/taxonomy/scenarios.json b/taxonomy/scenarios.json index be05b77b5a..dd9eeead1a 100644 --- a/taxonomy/scenarios.json +++ b/taxonomy/scenarios.json @@ -1617,6 +1617,28 @@ "CWE-276" ] }, + "crowdsecurity/vpatch-CVE-2024-7593": { + "name": "crowdsecurity/vpatch-CVE-2024-7593", + "description": "Ivanti vTM - Authentication Bypass (CVE-2024-7593)", + "label": "Ivanti vTM - Authentication Bypass", + "behaviors": [ + "http:exploit" + ], + "mitre_attacks": [ + "TA0001:T1190" + ], + "confidence": 3, + "spoofable": 0, + "cti": true, + "service": "http", + "cves": [ + "CVE-2024-7593" + ], + "cwes": [ + "CWE-287", + "CWE-303" + ] + }, "crowdsecurity/vpatch-CVE-2024-8190": { "name": "crowdsecurity/vpatch-CVE-2024-8190", "description": "Ivanti Cloud Services Appliance - RCE (CVE-2024-8190)",