CVE-2022-24497

CVE-2022-24497

A Zeek detector for CVE-2022-24497:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24497

Example notices from the testing PCAP:

#separator \x09
#set_separator	,
#empty_field	(empty)
#unset_field	-
#path	notice
#open	2022-04-13-21-45-25
#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	fuid	file_mime_type	file_desc	proto	note	msg	sub	src	dst	p	n	peer_descr	actions	email_dest	suppress_for	remote_location.country_code	remote_location.region	remote_location.city	remote_location.latitude	remote_location.longitude
#types	time	string	addr	port	addr	port	string	string	string	enum	enum	string	string	addr	addr	port	count	string	set[enum]	set[string]	interval	string	string	string	double	double
1649885952.829925	CHhAvVGS1DHFjwGM9	192.168.88.146	685	192.168.88.157	111	-	-	-	tcp	CVE202224497::POTENTIAL_CVE_2022_24497	Possible CVE-2022-24497 exploit attempt.  An RPC portmap getport and portmap dump were observed.	-	192.168.88.146	192.168.88.157	111	-	-	Notice::ACTION_LOG	(empty)	3600.000000	-	-	-	-	-
#close	2022-04-13-21-45-25

Package Version :