title: Nimbuspwn Exploitation
id: 7ba05b43-adad-4c02-b5e9-c8c35cdf9fa8
status: experimental
description: Detects exploitation of Nimbuspwn privilege escalation vulnerability (CVE-2022-29799 and CVE-2022-29800)
author: Bhabesh Raj
references:
  - https://www.microsoft.com/security/blog/2022/04/26/microsoft-finds-new-elevation-of-privilege-linux-vulnerability-nimbuspwn/
  - https://github.com/Immersive-Labs-Sec/nimbuspwn
date: 2022/05/04
logsource:
  product: linux
detection:
  keyword:
    - 'networkd-dispatcher'
    - 'Error handling notification for interface'
    - '../../'
  condition: all of keyword
falsepositives:
  - Unknown
level: high
tags:
  - attack.privilege_escalation
  - attack.t1068