blue-team-tools/rules/linux/builtin/lnx_nimbuspwn_privilege_escalation_exploit.yml

title: Nimbuspwn Exploitation
id: 7ba05b43-adad-4c02-b5e9-c8c35cdf9fa8
status: test
description: Detects exploitation of Nimbuspwn privilege escalation vulnerability (CVE-2022-29799 and CVE-2022-29800)
references:
    - https://www.microsoft.com/security/blog/2022/04/26/microsoft-finds-new-elevation-of-privilege-linux-vulnerability-nimbuspwn/
    - https://github.com/Immersive-Labs-Sec/nimbuspwn
author: Bhabesh Raj
date: 2022-05-04
modified: 2023-01-23
tags:
    - attack.privilege-escalation
    - attack.t1068
logsource:
    product: linux
detection:
    keywords:
        '|all':
            - 'networkd-dispatcher'
            - 'Error handling notification for interface'
            - '../../'
    condition: keywords
falsepositives:
    - Unknown
level: high