Rule History

alert tcp any any -> $HOME_NET 9643 (msg:"ET WEB_SPECIFIC_APPS Progress WhatsUp Gold Pre-Auth WriteDataFile Directory Traversal RCE (CVE-2024-4883)"; flow:established,to_server; content:"|00|W|00|h|00|a|00|t|00|s|00|U|00|p|00 5c 00|h|00|t|00|m|00|l|00 5c 00|N|00|m|00|C|00|o|00|n|00|s|00|o|00|l|00|e|00 5c 00|"; fast_pattern; pcre:"/^(?:[\x20-\x7e]\x00)+\x2e\x00a\x00s\x00p\x00x\x00/Ri"; reference:url,summoning.team/blog/progress-whatsup-gold-writedatafile-cve-2024-4883-rce/; reference:cve,2024-4883; classtype:web-application-activity; sid:2055953; rev:1; metadata:affected_product WhatsUp_Gold, created_at 2024_09_18, cve CVE_2024_4883, deployment Perimeter, deployment Internal, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_09_18, mitre_tactic_id TA0007, mitre_tactic_name Discovery, mitre_technique_id T1083, mitre_technique_name File_And_Directory_Discovery; target:dest_ip;)