Potential CVE-2023-46214 Exploitation Attempt

Rule Info

Name
Potential CVE-2023-46214 Exploitation Attempt
Author
Nasreddine Bencherchali (Nextron Systems), Bhavin Patel (STRT)
Description
Detects potential exploitation of CVE-2023-46214, a remote code execution (RCE) in Splunk Enterprise through insecure XML parsing
Reference
https://github.com/nathan31337/Splunk-RCE-poc/
Date
2023-11-27 00:00:00
Modified
None
Id
04017cd5-621e-4ec4-a762-1f042fe3d3e5
Tags
attack.lateral-movement attack.t1210 cve.2023-46214 detection.emerging-threats
Type
Community Rule
Link to Public Repo
https://github.com/SigmaHQ/sigma/search?q=04017cd5-621e-4ec4-a762-1f042fe3d3e5

Rule History

Author
Title
Date
Commit
github-actions[bot]
Merge PR #5027 from @nasbench - Promote older rules status from `experimental` to `test`
2024-10-01
08c52c367
Nasreddine Bencherchali
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12
598d29f81
ts-lbf
Merge PR #4578 from @ts-lbf - Add rules for CVE-2023-46214
2023-11-27
8b42ac347
THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022