Exploitation Attempt Of CVE-2023-46214 Using Public POC Code

Rule Info

Name
Exploitation Attempt Of CVE-2023-46214 Using Public POC Code
Author
Lars B. P. Frydenskov(Trifork Security)
Description
Detects exploitation attempt of CVE-2023-46214, a remote code execution (RCE) in Splunk Enterprise through insecure XML parsing using known public proof of concept code
Reference
https://github.com/nathan31337/Splunk-RCE-poc/
Date
2023-11-27 00:00:00
Modified
None
Id
ba5268de-4dd4-4d5c-8a90-2b5e6dc1aff8
Tags
attack.lateral-movement attack.t1210 cve.2023-46214 detection.emerging-threats
Type
Community Rule
Link to Public Repo
https://github.com/SigmaHQ/sigma/search?q=ba5268de-4dd4-4d5c-8a90-2b5e6dc1aff8

Rule History

Author
Title
Date
Commit
frack113
Merge PR #5169 from @frack113 - Add missing `detection.emerging-threats` tags
2025-01-30
62f6d2797
github-actions[bot]
Merge PR #5027 from @nasbench - Promote older rules status from `experimental` to `test`
2024-10-01
08c52c367
Nasreddine Bencherchali
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12
598d29f81
ts-lbf
Merge PR #4578 from @ts-lbf - Add rules for CVE-2023-46214
2023-11-27
8b42ac347
THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022