cve-2022-26809

https://github.com/corelight/cve-2022-26809
10 32 15 0 Last Push 5/17/22, 3:17 PM

CVE-2022-26809

Detects attempts and successful exploitation of CVE-2022-26809, a remote code execution vulnerability over DCE/RPC. This package is described in detail in this Corelight blogpost. This package generates the following notices:

  • CVE_2022_26809::ExploitAttempt, and
  • CVE_2022_26809::ExploitSuccess

The first is generated when an attack is attempted, but does not necessarily succeed. The second is fired only when a successful exploit is detected and should be investigated immediately. No new logs are generated. This package can be installed with zkg using the following commands:

$ zkg refresh
$ zkg install cve-2022-26809

Corelight customers can install it by updating the CVE bundle.

Package Version :

Description :

CVE-2022-26809 is a DCE/RPC RCE exploit.
This package detects both attempts and successful exploits.

Script Dir :

scripts

Test Command :

cd testing && btest -c btest.cfg

Depends :

zeek >=4.0.0