add CVE-2024-1212 vpatch and tests (#1012)

crowdsecurity · Mar 26, 2024 · f1966a5 · f1966a5
1 parent 2189c12
commit f1966a5
Show file tree

Hide file tree

Showing 6 changed files with 83 additions and 24 deletions.
diff --git a/.appsec-tests/CVE-2024-1212/CVE-2024-1212.yaml b/.appsec-tests/CVE-2024-1212/CVE-2024-1212.yaml
@@ -0,0 +1,17 @@
+id: CVE-2024-1212
+info:
+  name: CVE-2024-1212
+  author: crowdsec
+  severity: info
+  description: CVE-2024-1212 testing
+  tags: appsec-testing
+http:
+  - method: GET
+    path:
+      - "{{BaseURL}}/access/set?param=enableapi&value=1"
+    headers:
+      Authorization: "Basic JztsczsnOmRvZXNub3RtYXR0ZXI="
+    matchers:
+    - type: status
+      status:
+       - 403
diff --git a/.appsec-tests/CVE-2024-1212/config.yaml b/.appsec-tests/CVE-2024-1212/config.yaml
@@ -0,0 +1,3 @@
+appsec-rules:
+- ./appsec-rules/crowdsecurity/vpatch-CVE-2024-1212.yaml
+nuclei_template: CVE-2024-1212.yaml
diff --git a/.index.json b/.index.json
@@ -1313,28 +1313,38 @@
     "type": "exploit"
    }
   },
-  "crowdsecurity/vpatch-CVE-2024-22024": {
-   "path": "appsec-rules/crowdsecurity/vpatch-CVE-2024-22024.yaml",
-   "version": "0.1",
+  "crowdsecurity/vpatch-CVE-2024-1212": {
+   "path": "appsec-rules/crowdsecurity/vpatch-CVE-2024-1212.yaml",
+   "version": "0.3",
    "versions": {
     "0.1": {
-     "digest": "86d1e5651f9ed931064321629d37acd1d297f050af95304004743546ccde373b",
+     "digest": "3326d798f61d7c8958a55949f3867b13d88f86483eed381947596e8f4596f3ea",
+     "deprecated": false
+    },
+    "0.2": {
+     "digest": "0819184b4cda6c3ef48cf2fde19c4a5a9dde6a3389b0ad0c4a65df61de3247d0",
+     "deprecated": false
+    },
+    "0.3": {
+     "digest": "58256c07b3c6e43e42f125bb0b735b31ec621e17c3067ededc97b9fc5cc239a7",
      "deprecated": false
     }
    },
-   "content": "bmFtZTogY3Jvd2RzZWN1cml0eS92cGF0Y2gtQ1ZFLTIwMjQtMjIwMjQKZGVzY3JpcHRpb246ICJJdmFudGkgQ29ubmVjdCBTZWN1cmUgLSBYWEUgKENWRS0yMDI0LTIyMDI0KSIKcnVsZXM6CiAgLSBhbmQ6CiAgICAtIHpvbmVzOgogICAgICAtIE1FVEhPRAogICAgICBtYXRjaDoKICAgICAgICB0eXBlOiBlcXVhbHMKICAgICAgICB2YWx1ZTogUE9TVAogICAgLSB6b25lczoKICAgICAgLSBVUkkKICAgICAgdHJhbnNmb3JtOgogICAgICAtIGxvd2VyY2FzZQogICAgICBtYXRjaDoKICAgICAgICB0eXBlOiBlbmRzV2l0aAogICAgICAgIHZhbHVlOiAiL2RhbmEtbmEvYXV0aC9zYW1sLXNzby5jZ2kiCiAgICAtIHpvbmVzOgogICAgICAtIEJPRFlfQVJHUwogICAgICB0cmFuc2Zvcm06CiAgICAgIC0gYjY0ZGVjb2RlCiAgICAgIHZhcmlhYmxlczoKICAgICAgLSBTQU1MUmVxdWVzdAogICAgICBtYXRjaDoKICAgICAgICB0eXBlOiBjb250YWlucwogICAgICAgIHZhbHVlOiAiPCFFTlRJVFkiCmxhYmVsczoKICB0eXBlOiBleHBsb2l0CiAgc2VydmljZTogaHR0cAogIGNvbmZpZGVuY2U6IDMKICBzcG9vZmFibGU6IDAKICBiZWhhdmlvcjogImh0dHA6ZXhwbG9pdCIKICBsYWJlbDogIkl2YW50aSBDb25uZWN0IFNlY3VyZSAtIFhYRSIKICBjbGFzc2lmaWNhdGlvbjoKICAgLSBjdmUuQ1ZFLTIwMjQtMjIwMjQKICAgLSBhdHRhY2suVDE1OTUKICAgLSBhdHRhY2suVDExOTAKICAgLSBjd2UuQ1dFLTYxMQoKCg==",
-   "description": "Ivanti Connect Secure - XXE (CVE-2024-22024)",
+   "content": "bmFtZTogY3Jvd2RzZWN1cml0eS92cGF0Y2gtQ1ZFLTIwMjQtMTIxMgpkZXNjcmlwdGlvbjogIlByb2dyZXNzIEtlbXAgTG9hZE1hc3RlciBVbmF1dGhlbnRpY2F0ZWQgQ29tbWFuZCBJbmplY3Rpb24gKENWRS0yMDI0LTEyMTIpIgpydWxlczoKICAtIGFuZDoKICAgIC0gem9uZXM6CiAgICAgIC0gVVJJCiAgICAgIHRyYW5zZm9ybToKICAgICAgLSBsb3dlcmNhc2UKICAgICAgbWF0Y2g6CiAgICAgICAgdHlwZTogY29udGFpbnMKICAgICAgICB2YWx1ZTogL2FjY2Vzcy9zZXQKICAgIC0gem9uZXM6CiAgICAgIC0gSEVBREVSUwogICAgICB2YXJpYWJsZXM6CiAgICAgIC0gQXV0aG9yaXphdGlvbgogICAgICBtYXRjaDoKICAgICAgICB0eXBlOiBjb250YWlucwogICAgICAgIHZhbHVlOiAnQmFzaWMgSnp0JyAjYjY0ZW5jb2RlIG9mICc7CmxhYmVsczoKICB0eXBlOiBleHBsb2l0CiAgc2VydmljZTogaHR0cAogIGNvbmZpZGVuY2U6IDMKICBzcG9vZmFibGU6IDAKICBiZWhhdmlvcjogImh0dHA6ZXhwbG9pdCIKICBsYWJlbDogIkxvYWRNYXN0ZXIgVUNJIgogIHJlZmVyZW5jZXM6CiAgLSBodHRwczovL3JoaW5vc2VjdXJpdHlsYWJzLmNvbS9yZXNlYXJjaC9jdmUtMjAyNC0xMjEydW5hdXRoZW50aWNhdGVkLWNvbW1hbmQtaW5qZWN0aW9uLWluLXByb2dyZXNzLWtlbXAtbG9hZG1hc3Rlci8KICBjbGFzc2lmaWNhdGlvbjoKICAgLSBjdmUuQ1ZFLTIwMjQtMTIxMgogICAtIGF0dGFjay5UMTU5NQogICAtIGF0dGFjay5UMTE5MAo=",
+   "description": "Progress Kemp LoadMaster Unauthenticated Command Injection (CVE-2024-1212)",
    "author": "crowdsecurity",
    "labels": {
     "behavior": "http:exploit",
     "classification": [
-     "cve.CVE-2024-22024",
+     "cve.CVE-2024-1212",
      "attack.T1595",
-     "attack.T1190",
-     "cwe.CWE-611"
+     "attack.T1190"
     ],
     "confidence": 3,
-    "label": "Ivanti Connect Secure - XXE",
+    "label": "LoadMaster UCI",
+    "references": [
+     "https://rhinosecuritylabs.com/research/cve-2024-1212unauthenticated-command-injection-in-progress-kemp-loadmaster/"
+    ],
     "service": "http",
     "spoofable": 0,
     "type": "exploit"
@@ -2221,12 +2231,12 @@
      "deprecated": false
     },
     "2.1": {
-     "digest": "17692cbef4a1380a7a89d2d1382a307b0f98ae7305cbe42f8bab1b9caad4565d",
+     "digest": "fc1ef8a2e1323bce88166aa776062c6aa25b22da058200d60d541209fdd82157",
      "deprecated": false
     }
    },
    "long_description": "IyBBcHBTZWMgVmlydHVhbCBQYXRjaGluZwoKVGhpcyBjb2xsZWN0aW9uIGNvbnRhaW5zIHZpcnR1YWwgcGF0Y2hpbmcgZm9yIGNvbW1vbmx5IGV4cGxvaXRlZCB2dWxuZXJhYmlsaXRpZXMsIGFuZCBpcyBpbnNwaXJlZCBieSB0aGUgW0NJU0EgS25vd24gRXhwbG9pdGVkIFZ1bG5lcmFiaWxpdGllcyBDYXRhbG9nXShodHRwczovL3d3dy5jaXNhLmdvdi9rbm93bi1leHBsb2l0ZWQtdnVsbmVyYWJpbGl0aWVzLWNhdGFsb2cpLiBUaGUgZ29hbCBpcyB0byBwcm92aWRlIHZpcnR1YWwgcGF0Y2hpbmcgY2FwYWJpbGl0aWVzIGZvciB0aGUgbW9zdCBvZnRlbiBleHBsb2l0ZWQgdnVsbmVyYWJpbGl0aWVzLCBhdm9pZGluZyBmYWxzZSBwb3NpdGl2ZXMgd2hpbGUgY2F0Y2hpbmcgcGVvcGxlIHNjb3V0aW5nIHlvdXIgYXBwbGljYXRpb25zIGZvciBqdWljeSB2dWxuZXJhYmlsaXRpZXMuCg==",
-   "content": "bmFtZTogY3Jvd2RzZWN1cml0eS9hcHBzZWMtdmlydHVhbC1wYXRjaGluZwphcHBzZWMtcnVsZXM6CiAgLSBjcm93ZHNlY3VyaXR5L2Jhc2UtY29uZmlnCiAgLSBjcm93ZHNlY3VyaXR5L3ZwYXRjaC1lbnYtYWNjZXNzCiAgLSBjcm93ZHNlY3VyaXR5L3ZwYXRjaC1DVkUtMjAyMy00MDA0NAogIC0gY3Jvd2RzZWN1cml0eS92cGF0Y2gtQ1ZFLTIwMTctOTg0MQogIC0gY3Jvd2RzZWN1cml0eS92cGF0Y2gtQ1ZFLTIwMjAtMTE3MzgKICAtIGNyb3dkc2VjdXJpdHkvdnBhdGNoLUNWRS0yMDIyLTI3OTI2CiAgLSBjcm93ZHNlY3VyaXR5L3ZwYXRjaC1DVkUtMjAyMi0zNTkxNAogIC0gY3Jvd2RzZWN1cml0eS92cGF0Y2gtQ1ZFLTIwMjItNDYxNjkKICAtIGNyb3dkc2VjdXJpdHkvdnBhdGNoLUNWRS0yMDIzLTIwMTk4CiAgLSBjcm93ZHNlY3VyaXR5L3ZwYXRjaC1DVkUtMjAyMy0yMjUxNQogIC0gY3Jvd2RzZWN1cml0eS92cGF0Y2gtQ1ZFLTIwMjMtMzM2MTcKICAtIGNyb3dkc2VjdXJpdHkvdnBhdGNoLUNWRS0yMDIzLTM0MzYyCiAgLSBjcm93ZHNlY3VyaXR5L3ZwYXRjaC1DVkUtMjAyMy0zNTE5CiAgLSBjcm93ZHNlY3VyaXR5L3ZwYXRjaC1DVkUtMjAyMy00Mjc5MwogIC0gY3Jvd2RzZWN1cml0eS92cGF0Y2gtQ1ZFLTIwMjMtNTAxNjQKICAtIGNyb3dkc2VjdXJpdHkvdnBhdGNoLUNWRS0yMDIzLTM4MjA1CiAgLSBjcm93ZHNlY3VyaXR5L3ZwYXRjaC1DVkUtMjAyMy0yNDQ4OQogIC0gY3Jvd2RzZWN1cml0eS92cGF0Y2gtQ1ZFLTIwMjEtMzEyOQogIC0gY3Jvd2RzZWN1cml0eS92cGF0Y2gtQ1ZFLTIwMjEtMjI5NDEKICAtIGNyb3dkc2VjdXJpdHkvdnBhdGNoLUNWRS0yMDE5LTEyOTg5CiAgLSBjcm93ZHNlY3VyaXR5L3ZwYXRjaC1DVkUtMjAyMi00NDg3NwogIC0gY3Jvd2RzZWN1cml0eS92cGF0Y2gtQ1ZFLTIwMTgtMTA1NjIKICAtIGNyb3dkc2VjdXJpdHkvdnBhdGNoLUNWRS0yMDIzLTY1NTMKICAtIGNyb3dkc2VjdXJpdHkvdnBhdGNoLUNWRS0yMDE4LTEwMDA4NjEKICAtIGNyb3dkc2VjdXJpdHkvdnBhdGNoLUNWRS0yMDE5LTEwMDMwMzAKICAtIGNyb3dkc2VjdXJpdHkvdnBhdGNoLUNWRS0yMDIyLTIyOTY1CiAgLSBjcm93ZHNlY3VyaXR5L3ZwYXRjaC1DVkUtMjAyMy0yMzc1MgogIC0gY3Jvd2RzZWN1cml0eS92cGF0Y2gtQ1ZFLTIwMjMtNDkwNzAKICAtIGNyb3dkc2VjdXJpdHkvdnBhdGNoLWxhcmF2ZWwtZGVidWctbW9kZQogIC0gY3Jvd2RzZWN1cml0eS92cGF0Y2gtQ1ZFLTIwMjMtMjgxMjEKICAtIGNyb3dkc2VjdXJpdHkvdnBhdGNoLUNWRS0yMDIwLTE3NDk2CiAgLSBjcm93ZHNlY3VyaXR5L3ZwYXRjaC1DVkUtMjAyMy0xMzg5CiAgLSBjcm93ZHNlY3VyaXR5L3ZwYXRjaC1DVkUtMjAyMy03MDI4CiAgLSBjcm93ZHNlY3VyaXR5L3ZwYXRjaC1DVkUtMjAyMy00NjgwNQogIC0gY3Jvd2RzZWN1cml0eS92cGF0Y2gtQ1ZFLTIwMjQtMjM4OTcKICAtIGNyb3dkc2VjdXJpdHkvdnBhdGNoLUNWRS0yMDIzLTIyNTI3CiAgLSBjcm93ZHNlY3VyaXR5L3ZwYXRjaC1DVkUtMjAyMy0zNTA3OAogIC0gY3Jvd2RzZWN1cml0eS92cGF0Y2gtQ1ZFLTIwMjMtMzUwODIKICAtIGNyb3dkc2VjdXJpdHkvdnBhdGNoLUNWRS0yMDIyLTIyOTU0CiAgLSBjcm93ZHNlY3VyaXR5L3ZwYXRjaC1zeW1mb255LXByb2ZpbGVyCiAgLSBjcm93ZHNlY3VyaXR5L3ZwYXRjaC1jb25uZWN0d2lzZS1hdXRoLWJ5cGFzcwogIC0gY3Jvd2RzZWN1cml0eS92cGF0Y2gtQ1ZFLTIwMjQtMjIwMjQKYXBwc2VjLWNvbmZpZ3M6CiAgLSBjcm93ZHNlY3VyaXR5L3ZpcnR1YWwtcGF0Y2hpbmcKcGFyc2VyczoKICAtIGNyb3dkc2VjdXJpdHkvYXBwc2VjLWxvZ3MKc2NlbmFyaW9zOgogIC0gY3Jvd2RzZWN1cml0eS9hcHBzZWMtdnBhdGNoCmRlc2NyaXB0aW9uOiAiYSBnZW5lcmljIHZpcnR1YWwgcGF0Y2hpbmcgY29sbGVjdGlvbiwgc3VpdGFibGUgZm9yIG1vc3Qgd2ViIHNlcnZlcnMuIgphdXRob3I6IGNyb3dkc2VjdXJpdHkKCg==",
+   "content": "bmFtZTogY3Jvd2RzZWN1cml0eS9hcHBzZWMtdmlydHVhbC1wYXRjaGluZwphcHBzZWMtcnVsZXM6CiAgLSBjcm93ZHNlY3VyaXR5L2Jhc2UtY29uZmlnCiAgLSBjcm93ZHNlY3VyaXR5L3ZwYXRjaC1lbnYtYWNjZXNzCiAgLSBjcm93ZHNlY3VyaXR5L3ZwYXRjaC1DVkUtMjAyMy00MDA0NAogIC0gY3Jvd2RzZWN1cml0eS92cGF0Y2gtQ1ZFLTIwMTctOTg0MQogIC0gY3Jvd2RzZWN1cml0eS92cGF0Y2gtQ1ZFLTIwMjAtMTE3MzgKICAtIGNyb3dkc2VjdXJpdHkvdnBhdGNoLUNWRS0yMDIyLTI3OTI2CiAgLSBjcm93ZHNlY3VyaXR5L3ZwYXRjaC1DVkUtMjAyMi0zNTkxNAogIC0gY3Jvd2RzZWN1cml0eS92cGF0Y2gtQ1ZFLTIwMjItNDYxNjkKICAtIGNyb3dkc2VjdXJpdHkvdnBhdGNoLUNWRS0yMDIzLTIwMTk4CiAgLSBjcm93ZHNlY3VyaXR5L3ZwYXRjaC1DVkUtMjAyMy0yMjUxNQogIC0gY3Jvd2RzZWN1cml0eS92cGF0Y2gtQ1ZFLTIwMjMtMzM2MTcKICAtIGNyb3dkc2VjdXJpdHkvdnBhdGNoLUNWRS0yMDIzLTM0MzYyCiAgLSBjcm93ZHNlY3VyaXR5L3ZwYXRjaC1DVkUtMjAyMy0zNTE5CiAgLSBjcm93ZHNlY3VyaXR5L3ZwYXRjaC1DVkUtMjAyMy00Mjc5MwogIC0gY3Jvd2RzZWN1cml0eS92cGF0Y2gtQ1ZFLTIwMjMtNTAxNjQKICAtIGNyb3dkc2VjdXJpdHkvdnBhdGNoLUNWRS0yMDIzLTM4MjA1CiAgLSBjcm93ZHNlY3VyaXR5L3ZwYXRjaC1DVkUtMjAyMy0yNDQ4OQogIC0gY3Jvd2RzZWN1cml0eS92cGF0Y2gtQ1ZFLTIwMjEtMzEyOQogIC0gY3Jvd2RzZWN1cml0eS92cGF0Y2gtQ1ZFLTIwMjEtMjI5NDEKICAtIGNyb3dkc2VjdXJpdHkvdnBhdGNoLUNWRS0yMDE5LTEyOTg5CiAgLSBjcm93ZHNlY3VyaXR5L3ZwYXRjaC1DVkUtMjAyMi00NDg3NwogIC0gY3Jvd2RzZWN1cml0eS92cGF0Y2gtQ1ZFLTIwMTgtMTA1NjIKICAtIGNyb3dkc2VjdXJpdHkvdnBhdGNoLUNWRS0yMDIzLTY1NTMKICAtIGNyb3dkc2VjdXJpdHkvdnBhdGNoLUNWRS0yMDE4LTEwMDA4NjEKICAtIGNyb3dkc2VjdXJpdHkvdnBhdGNoLUNWRS0yMDE5LTEwMDMwMzAKICAtIGNyb3dkc2VjdXJpdHkvdnBhdGNoLUNWRS0yMDIyLTIyOTY1CiAgLSBjcm93ZHNlY3VyaXR5L3ZwYXRjaC1DVkUtMjAyMy0yMzc1MgogIC0gY3Jvd2RzZWN1cml0eS92cGF0Y2gtQ1ZFLTIwMjMtNDkwNzAKICAtIGNyb3dkc2VjdXJpdHkvdnBhdGNoLWxhcmF2ZWwtZGVidWctbW9kZQogIC0gY3Jvd2RzZWN1cml0eS92cGF0Y2gtQ1ZFLTIwMjMtMjgxMjEKICAtIGNyb3dkc2VjdXJpdHkvdnBhdGNoLUNWRS0yMDIwLTE3NDk2CiAgLSBjcm93ZHNlY3VyaXR5L3ZwYXRjaC1DVkUtMjAyMy0xMzg5CiAgLSBjcm93ZHNlY3VyaXR5L3ZwYXRjaC1DVkUtMjAyMy03MDI4CiAgLSBjcm93ZHNlY3VyaXR5L3ZwYXRjaC1DVkUtMjAyMy00NjgwNQogIC0gY3Jvd2RzZWN1cml0eS92cGF0Y2gtQ1ZFLTIwMjQtMjM4OTcKICAtIGNyb3dkc2VjdXJpdHkvdnBhdGNoLUNWRS0yMDIzLTIyNTI3CiAgLSBjcm93ZHNlY3VyaXR5L3ZwYXRjaC1DVkUtMjAyMy0zNTA3OAogIC0gY3Jvd2RzZWN1cml0eS92cGF0Y2gtQ1ZFLTIwMjMtMzUwODIKICAtIGNyb3dkc2VjdXJpdHkvdnBhdGNoLUNWRS0yMDIyLTIyOTU0CiAgLSBjcm93ZHNlY3VyaXR5L3ZwYXRjaC1DVkUtMjAyNC0xMjEyCiAgLSBjcm93ZHNlY3VyaXR5L3ZwYXRjaC1zeW1mb255LXByb2ZpbGVyCiAgLSBjcm93ZHNlY3VyaXR5L3ZwYXRjaC1jb25uZWN0d2lzZS1hdXRoLWJ5cGFzcwphcHBzZWMtY29uZmlnczoKICAtIGNyb3dkc2VjdXJpdHkvdmlydHVhbC1wYXRjaGluZwpwYXJzZXJzOgogIC0gY3Jvd2RzZWN1cml0eS9hcHBzZWMtbG9ncwpzY2VuYXJpb3M6CiAgLSBjcm93ZHNlY3VyaXR5L2FwcHNlYy12cGF0Y2gKZGVzY3JpcHRpb246ICJhIGdlbmVyaWMgdmlydHVhbCBwYXRjaGluZyBjb2xsZWN0aW9uLCBzdWl0YWJsZSBmb3IgbW9zdCB3ZWIgc2VydmVycy4iCmF1dGhvcjogY3Jvd2RzZWN1cml0eQoK",
    "description": "a generic virtual patching collection, suitable for most web servers.",
    "author": "crowdsecurity",
    "labels": null,
@@ -2276,9 +2286,9 @@
     "crowdsecurity/vpatch-CVE-2023-35078",
     "crowdsecurity/vpatch-CVE-2023-35082",
     "crowdsecurity/vpatch-CVE-2022-22954",
+    "crowdsecurity/vpatch-CVE-2024-1212",
     "crowdsecurity/vpatch-symfony-profiler",
-    "crowdsecurity/vpatch-connectwise-auth-bypass",
-    "crowdsecurity/vpatch-CVE-2024-22024"
+    "crowdsecurity/vpatch-connectwise-auth-bypass"
    ],
    "appsec-configs": [
     "crowdsecurity/virtual-patching"
@@ -14922,4 +14932,4 @@
    }
   }
  }
-}
+}
diff --git a/appsec-rules/crowdsecurity/vpatch-CVE-2024-1212.yaml b/appsec-rules/crowdsecurity/vpatch-CVE-2024-1212.yaml
@@ -0,0 +1,31 @@
+name: crowdsecurity/vpatch-CVE-2024-1212
+description: "Progress Kemp LoadMaster Unauthenticated Command Injection (CVE-2024-1212)"
+rules:
+  - and:
+    - zones:
+      - URI
+      transform:
+      - lowercase
+      match:
+        type: contains
+        value: /access/set
+    - zones:
+      - HEADERS
+      variables:
+      - Authorization
+      match:
+        type: contains
+        value: 'Basic Jzt' #b64encode of ';
+labels:
+  type: exploit
+  service: http
+  confidence: 3
+  spoofable: 0
+  behavior: "http:exploit"
+  label: "LoadMaster UCI"
+  references:
+  - https://rhinosecuritylabs.com/research/cve-2024-1212unauthenticated-command-injection-in-progress-kemp-loadmaster/
+  classification:
+   - cve.CVE-2024-1212
+   - attack.T1595
+   - attack.T1190
diff --git a/collections/crowdsecurity/appsec-virtual-patching.yaml b/collections/crowdsecurity/appsec-virtual-patching.yaml
@@ -39,6 +39,7 @@ appsec-rules:
   - crowdsecurity/vpatch-CVE-2023-35078
   - crowdsecurity/vpatch-CVE-2023-35082
   - crowdsecurity/vpatch-CVE-2022-22954
+  - crowdsecurity/vpatch-CVE-2024-1212
   - crowdsecurity/vpatch-symfony-profiler
   - crowdsecurity/vpatch-connectwise-auth-bypass
   - crowdsecurity/vpatch-CVE-2024-22024

diff --git a/taxonomy/scenarios.json b/taxonomy/scenarios.json
@@ -760,10 +760,10 @@
       "CVE-2023-7028"
     ]
   },
-  "crowdsecurity/vpatch-CVE-2024-22024": {
-    "name": "crowdsecurity/vpatch-CVE-2024-22024",
-    "description": "Ivanti Connect Secure - XXE (CVE-2024-22024)",
-    "label": "Ivanti Connect Secure - XXE",
+  "crowdsecurity/vpatch-CVE-2024-1212": {
+    "name": "crowdsecurity/vpatch-CVE-2024-1212",
+    "description": "Progress Kemp LoadMaster Unauthenticated Command Injection (CVE-2024-1212)",
+    "label": "LoadMaster UCI",
     "behaviors": [
       "http:exploit"
     ],
@@ -776,10 +776,7 @@
     "cti": true,
     "service": "http",
     "cves": [
-      "CVE-2024-22024"
-    ],
-    "cwes": [
-      "CWE-611"
+      "CVE-2024-1212"
     ]
   },
   "crowdsecurity/vpatch-CVE-2024-23897": {
@@ -4934,4 +4931,4 @@
     "cti": true,
     "service": "joplin"
   }
-}
+}