Versions (4)
Version DetailsCurrent
Rev: 3 • Sep 19, 2024, 12:00 PMET WEB_SPECIFIC_APPS Progress WhatsUp Gold HasErrors SQL Injection Authentication Bypass (CVE-2024-6670)
alert http any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS Progress WhatsUp Gold HasErrors SQL Injection Authentication Bypass (CVE-2024-6670)"; flow:established,to_server; http.method; content:"POST"; http.uri; content:"/NmConsole/Platform/PerformanceMonitorErrors/HasErrors"; fast_pattern; startswith; http.request_body; content:"|22|classId|22 3a 22|"; pcre:"/^[^\x22]*(?:(?:S(?:HOW\x20(?:C(?:UR(?:DAT|TIM)E|HARACTER\x20SET)|(?:VARI|T)ABLES)|ELECT\x20(?:FROM|USER))|U(?:NION\x20SELEC|PDATE\x20SE)T|DELETE\x20FROM|INSERT\x20INTO)|S(?:HOW.+(?:C(?:HARACTER.+SET|UR(DATE|TIME))|(?:VARI|T)ABLES)|ELECT.+(?:FROM|USER))|U(?:NION.+SELEC|PDATE.+SE)T|DELETE.+FROM|INSERT.+INTO|\x2f\*.+\*\x2f)/Ri"; reference:url,summoning.team/blog/progress-whatsup-gold-sqli-cve-2024-6670/; reference:cve,2024-6670; classtype:web-application-activity; sid:2055983; rev:3; metadata:affected_product WhatsUp_Gold, created_at 2024_09_19, cve CVE_2024_6670, deployment Perimeter, deployment Internal, confidence High, signature_severity Major, tag CISA_KEV, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_11_26, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application; target:dest_ip;)
Sep 19, 2024, 12:00 PM
Nov 26, 2024, 12:00 PM
Sep 21, 2024, 3:00 AM
Jul 24, 2025, 9:34 PM
rules/emerging-web_specific_apps.rules