Linux “Nimbuspwn” networkd-dispatcher Vulnerability

List All networkd-dispatcher Installations and Versions

The Microsoft 365 Defender Research Team has disclosed two vulnerabilities, CVE-2022-29799 and CVE-2022-29800, dubbed "Nimbuspwn". When combined, they can allow attackers to gain root access, letting them do anything from deploying packages to executing code, installing ransomware, and more. The vulnerabilities lie in the networkd-dispatcher package, a part of the systemd component that is responsible for dispatching network status changes. You can read more about the vulnerability in the Nimbuspwn blog post.

 

The report below provides an overview of all Linux machines where networkd-dispatcher has been found. It also lists the specific version of networkd-dispatcher installed on each machine. The vulnerability has been patched in networkd-dispatcher, although the version in which it was fixed isn't clear. Presumably, Linux distributions will start updating their networkd-dispatcher versions soon.

Nimbuspwn Vulnerability Query

-- One row per active Linux asset and installed networkd-dispatcher package
Select Top 1000000 tblAssets.AssetID,
  tblAssets.AssetName,
  tsysAssetTypes.AssetTypename As AssetType,
  tsysAssetTypes.AssetTypeIcon10 As icon,
  tblAssets.IPAddress,
  tblSoftwareUni.softwareName As Software,
  tblLinuxSoftware.Version As Version,
  tsysIPLocations.IPLocation,
  tblAssetCustom.Manufacturer,
  tblAssetCustom.Model,
  tblLinuxSystem.OSRelease As OS,
  tblLinuxSystem.KernelRelease,
  tblAssets.Lastseen,
  tblAssets.Lasttried,
  tblLinuxSoftware.LastChanged
From tblAssets
  Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
  Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype
  Inner Join tsysIPLocations On tsysIPLocations.LocationID = tblAssets.LocationID
  Inner Join tblState On tblState.State = tblAssetCustom.State
  Inner Join tblLinuxSoftware On tblAssets.AssetID = tblLinuxSoftware.AssetID
  Inner Join tblSoftwareUni On tblSoftwareUni.SoftID = tblLinuxSoftware.SoftwareUniID
  Inner Join tblLinuxSystem On tblAssets.AssetID = tblLinuxSystem.AssetID
-- Match the package by name and keep only assets in the Active state
Where tblSoftwareUni.softwareName Like '%networkd-dispatcher%' And
  tblState.Statename = 'Active'
Order By tblAssets.Domain,
  tblAssets.AssetName,
  Software
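
Because the fixed version isn't clear, a roll-up per OS release and installed version helps decide which distributions to check first. The query below is an added example, not part of the original Lansweeper report. It uses only the tables and columns from the query above, and the 7-day staleness threshold is an assumption to adjust to your scan schedule.

```sql
-- Added example: summary of the report above, one row per OS release and
-- networkd-dispatcher version, largest groups first.
-- Assumption: 7 days is an arbitrary threshold for "scan data may be stale".
Select Top 1000000 tblLinuxSystem.OSRelease As OS,
  tblSoftwareUni.softwareName As Software,
  tblLinuxSoftware.Version As Version,
  -- Number of active assets carrying this exact package version
  Count(Distinct tblAssets.AssetID) As Assets,
  -- Assets not seen recently: their recorded version may predate a patch
  Count(Distinct Case
      When tblAssets.Lastseen < DateAdd(day, -7, GetDate())
      Then tblAssets.AssetID
    End) As NotSeenIn7Days,
  Min(tblAssets.Lastseen) As OldestLastSeen,
  -- Most recent change to the package record, a hint that updates are landing
  Max(tblLinuxSoftware.LastChanged) As LatestVersionChange
From tblAssets
  Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
  Inner Join tblState On tblState.State = tblAssetCustom.State
  Inner Join tblLinuxSoftware On tblAssets.AssetID = tblLinuxSoftware.AssetID
  Inner Join tblSoftwareUni On tblSoftwareUni.SoftID = tblLinuxSoftware.SoftwareUniID
  Inner Join tblLinuxSystem On tblAssets.AssetID = tblLinuxSystem.AssetID
Where tblSoftwareUni.softwareName Like '%networkd-dispatcher%' And
  tblState.Statename = 'Active'
Group By tblLinuxSystem.OSRelease,
  tblSoftwareUni.softwareName,
  tblLinuxSoftware.Version
Order By Assets Desc,
  OS,
  Version
```

Compare each OS and version pair against that distribution's own security advisory for CVE-2022-29799 and CVE-2022-29800, and rescan the assets counted in NotSeenIn7Days before treating their version as current.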
