ET EXPLOIT Possible VMware Workspace ONE Access RCE via Server-Side Template Injection Inbound (CVE-2022-22954)

SID: 2036416Rev: 11 viewsHistory

Sourceet/open

CreatedApril 29, 2022

UpdatedApril 29, 2022

Classificationattempted-admin

alert http any any -> [$HOME_NET,$HTTP_SERVERS] any (msg:"ET EXPLOIT Possible VMware Workspace ONE Access RCE via Server-Side Template Injection Inbound (CVE-2022-22954)"; flow:to_server,established; http.uri; content:"/catalog-portal/ui/oauth/verify?"; http.uri.raw; content:"&deviceUdid=%24%7b"; fast_pattern; nocase; reference:cve,2022-22954; classtype:attempted-admin; sid:2036416; rev:1; metadata:attack_target Server, created_at 2022_04_29, cve CVE_2022_22954, deployment Perimeter, deployment Internal, confidence Medium, signature_severity Major, tag Exploit, tag CISA_KEV, updated_at 2022_04_29, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application;)

References

cve	2022-22954

Metadata

attack targetServer

created at2022_04_29

cveCVE-2022-22954

deploymentInternal

confidenceMedium

signature severityMajor

tagCISA_KEV

updated at2022_04_29

mitre tactic idTA0001

mitre tactic nameInitial_Access

mitre technique idT1190

mitre technique nameExploit_Public_Facing_Application

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!