{"vulnerability": "CVE-2020-14871", "sightings": [{"uuid": "ebf1b02d-6d73-4f39-8708-5d9dd3ea75d3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-14871", "type": "seen", "source": "MISP/f5030aca-7d5a-43a4-ae03-8f4ac8e85422", "content": "", "creation_timestamp": "2021-11-08T08:58:19.000000Z"}, {"uuid": "c3c9e811-9197-46cb-90f8-7b49a61829f7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-14871", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2021-11-20T09:53:52.000000Z"}, {"uuid": "28fa6f6f-48e5-461c-a171-9a875821c4a2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-14871", "type": "seen", "source": "MISP/722231ed-1535-455b-aae2-4705701f1258", "content": "", "creation_timestamp": "2020-11-02T19:35:04.000000Z"}, {"uuid": "6128c5a1-4e0d-4e26-9362-bb15b9cbf834", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-14871", "type": "seen", "source": "MISP/5b10637e-d393-49ad-ad96-111efc6b0e9a", "content": "", "creation_timestamp": "2024-11-14T06:07:36.000000Z"}, {"uuid": "e7c2a1ba-4f63-4612-9c3f-7c5692285dc7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-14871", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/2970961", "content": "", "creation_timestamp": "2024-12-24T20:22:20.917075Z"}, {"uuid": "2f8e0177-1e7d-4624-bcef-687520af459b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-14871", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:44.000000Z"}, {"uuid": "acf37f71-2f9c-4ff0-91c0-10f84c8e4ca8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-14871", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/solaris/ssh/pam_username_bof.rb", "content": "", "creation_timestamp": "2020-12-16T21:08:38.000000Z"}, {"uuid": "75caddd4-7c34-4d29-ad28-585a1c28e342", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-14871", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:10:24.000000Z"}, {"uuid": "50a172fe-4d3a-4515-890c-68157ab58600", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-14871", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-02-23T02:09:46.000000Z"}, {"uuid": "d3020be8-e9ef-4710-b986-d09ecb929cb8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-14871", "type": "seen", "source": "MISP/d17bd6ef-d68b-317b-ac33-cdbc44c5fc57", "content": "", "creation_timestamp": "2025-08-31T03:12:59.000000Z"}, {"uuid": "dbadbcf2-bc17-44af-a090-9f15069bce48", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2020-14871", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/e2ce10ec-b4cf-4913-990c-d39f3f325466", "content": "", "creation_timestamp": "2026-02-02T12:28:59.139368Z"}, {"uuid": "50844e96-6af4-4507-9f65-47afbbf5069f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-14871", "type": "seen", "source": "https://t.me/CyberGovIL/906", "content": "\u05d4\u05ea\u05e8\u05e2\u05d4 - \u05e4\u05d2\u05d9\u05e2\u05d5\u05ea \u05d1\u05de\u05e2\u05e8\u05db\u05ea \u05d4\u05d4\u05e4\u05e2\u05dc\u05d4 Com1275 | Oracle Solaris\n\n\u05d7\u05d1\u05e8\u05ea \u05d0\u05d5\u05e8\u05e7\u05dc \u05e4\u05e8\u05e1\u05de\u05d4 \u05d1\u05de\u05e1\u05d2\u05e8\u05ea \u05d4\u05ea\u05e8\u05e2\u05ea \u05d4\u05d0\u05d1\u05d8\u05d7\u05d4 \u05d4\u05e8\u05d1\u05e2\u05d5\u05e0\u05d9\u05ea \u05d4\u05d0\u05d7\u05e8\u05d5\u05e0\u05d4 \u05e9\u05dc\u05d4 \u05e4\u05d2\u05d9\u05e2\u05d5\u05ea (CVE-2020-14871) \u05d1\u05de\u05d5\u05e6\u05e8 Oracle Solaris, \u05d4\u05e2\u05dc\u05d5\u05dc\u05d4 \u05dc\u05d0\u05e4\u05e9\u05e8 \u05dc\u05d2\u05d5\u05e8\u05dd \u05d1\u05dc\u05ea\u05d9 \u05de\u05d5\u05e8\u05e9\u05d4 \u05d4\u05e9\u05ea\u05dc\u05d8\u05d5\u05ea \u05de\u05dc\u05d0\u05d4 \u05e2\u05dc \u05d4\u05e9\u05e8\u05ea \u05d1\u05d0\u05de\u05e6\u05e2\u05d5\u05ea \u05de\u05e1\u05e4\u05e8 \u05e4\u05e8\u05d5\u05d8\u05d5\u05e7\u05d5\u05dc\u05d9\u05dd.\n\n\u05d4\u05e4\u05d2\u05d9\u05e2\u05d5\u05ea \u05de\u05d3\u05d5\u05e8\u05d2\u05ea \u05d1\u05d3\u05d9\u05e8\u05d5\u05d2 \u05d4-CVSS \u05d4\u05d2\u05d1\u05d5\u05d4 \u05d1\u05d9\u05d5\u05ea\u05e8 (10 \u05de\u05ea\u05d5\u05da 10).", "creation_timestamp": "2020-11-04T11:40:09.000000Z"}, {"uuid": "12a7d089-6c59-4774-a0a8-e2e3336d8bc0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-14871", "type": "seen", "source": "Telegram/0HYLGhUKfOaz0jB50dGhU2fq-G_e7X2GSHNTYyogkSMsgQo", "content": "", "creation_timestamp": "2025-06-06T21:00:09.000000Z"}, {"uuid": "1c8eaf99-82b2-4ae0-a3b1-305a7dc24366", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-14871", "type": "seen", "source": "https://t.me/ctinow/25065", "content": "In Wild Critical Buffer Overflow Vulnerability in Solaris Can Allow Remote Takeover \u2014 CVE-2020-14871\n\nhttps://ift.tt/38c28j2", "creation_timestamp": "2020-11-04T20:20:53.000000Z"}, {"uuid": "778ec4b3-b3dc-40ee-a34b-b8b6159b6c91", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-14871", "type": "published-proof-of-concept", "source": "https://t.me/pwnwiki_zhchannel/195", "content": "CVE-2020-14871 Oracle Solaris SunSSH PAM parse user name() \u7de9\u885d\u5340\u6ea2\u51fa\u6f0f\u6d1e\nhttps://www.pwnwiki.org/index.php?title=CVE-2020-14871_Oracle_Solaris_SunSSH_PAM_parse_user_name()_%E7%B7%A9%E8%A1%9D%E5%8D%80%E6%BA%A2%E5%87%BA%E6%BC%8F%E6%B4%9E", "creation_timestamp": "2021-04-16T11:18:06.000000Z"}, {"uuid": "76e4853b-aad4-4b0c-8a5d-3a64b122023e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-14871", "type": "published-proof-of-concept", "source": "https://t.me/BlueRedTeam/1565", "content": "#exploit\n1. CVE 2020-14871:\nSun Solaris PoC Exploit\nhttps://github.com/robidev/CVE-2020-14871-Exploit\n\n2. CVE-2021-45105: \nDoS via Uncontrolled Recursion in Log4j Strsubstitutor\nhttps://www.zerodayinitiative.com/blog/2021/12/17/cve-2021-45105-denial-of-service-via-uncontrolled-recursion-in-log4j-strsubstitutor\n\n@BlueRedTeam", "creation_timestamp": "2021-12-26T08:45:29.000000Z"}, {"uuid": "a724a9b1-c2d1-4a34-ad97-80db71be6706", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-14871", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/2030", "content": "#Threat_Research\nAn Overview of UNC1945\n(CVE-2020-14871 in Oracle Solaris 9)\nhttps://www.fireeye.com/blog/threat-research/2020/11/live-off-the-land-an-overview-of-unc1945.html", "creation_timestamp": "2020-12-31T19:18:36.000000Z"}, {"uuid": "f0a0f5db-96fa-44b5-896f-41fc6e42eb2e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-14871", "type": "seen", "source": "https://t.me/arpsyndicate/1369", "content": "#ExploitObserverAlert\n\nCVE-2020-14871\n\nDESCRIPTION: Exploit Observer has 20 entries related to CVE-2020-14871. Vulnerability in the Oracle Solaris product of Oracle Systems (component: Pluggable authentication module). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. Note: This CVE is not exploitable for Solaris 11.1 and later releases, and ZFSSA 8.7 and later releases, thus the CVSS Base Score is 0.0. CVSS 3.1 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).\n\nFIRST-EPSS: 0.135330000\nNVD-IS: 6.0\nNVD-ES: 3.9", "creation_timestamp": "2023-12-05T02:34:33.000000Z"}, {"uuid": "7b4d74b5-a24a-4bf4-83ed-0761b8f66677", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-14871", "type": "exploited", "source": "https://t.me/true_secator/1120", "content": "\u200b\u200b\u041a\u0430\u043a\u0430\u044f \u0438\u043d\u0442\u0435\u0440\u0435\u0441\u043d\u0430\u044f \u0432\u0435\u0449\u044c \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0430\u0441\u044c.\n\n\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044c \u0438\u0437 \u043a\u043e\u043c\u0430\u043d\u0434\u044b Hacker House \u043f\u0438\u0448\u0435\u0442 \u043f\u0440\u043e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2020-14871, \u043e \u043a\u043e\u0442\u043e\u0440\u043e\u0439 \u043c\u044b \u0441\u043e\u043e\u0431\u0449\u0430\u043b\u0438 \u043d\u0430 \u0434\u043d\u044f\u0445. \u041d\u0430\u043f\u043e\u043c\u043d\u0438\u043c, \u0447\u0442\u043e \u0430\u043c\u0435\u0440\u0438\u043a\u0430\u043d\u0446\u044b \u0438\u0437 FireEye \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0438 \u0435\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442 \u0432 \u0430\u0442\u0430\u043a\u0430\u0445 \u043d\u043e\u0432\u043e\u0439 \u0445\u0430\u043a\u0435\u0440\u0441\u043a\u043e\u0439 \u0433\u0440\u0443\u043f\u043f\u044b UNC1945 \u043d\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u0430 \u043f\u043e\u0434 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435\u043c \u041e\u0421 Solaris, \u0430 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430 \u043e\u0448\u0438\u0431\u043a\u0430 \u0431\u044b\u043b\u0430 \u0442\u043e\u043b\u044c\u043a\u043e \u0432 \u043e\u043a\u0442\u044f\u0431\u0440\u0435 \u044d\u0442\u043e\u0433\u043e \u0433\u043e\u0434\u0430.\n\n\u041a\u0430\u043a \u043e\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u0442\u0441\u044f, CVE-2020-14871 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0430\u0441\u044c \u0440\u044f\u0434\u043e\u043c \u0445\u0430\u043a\u0435\u0440\u0441\u043a\u0438\u0445 \u0433\u0440\u0443\u043f\u043f \u0432 \u043a\u0430\u0447\u0435\u0441\u0442\u0432\u0435 0-day \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0430\u0436 \u0441 \u043e\u043a\u0442\u044f\u0431\u0440\u044f 2014 \u0433\u043e\u0434\u0430, \u0442\u043e \u0435\u0441\u0442\u044c \u0448\u0435\u0441\u0442\u044c (!) \u043b\u0435\u0442. \u0411\u043e\u043b\u0435\u0435 \u0442\u043e\u0433\u043e, \u043e\u043d\u0430 \u0431\u044b\u043b\u0430 \u043e\u043f\u0438\u0441\u0430\u043d\u0430 \u0432 \u0441\u043b\u0438\u0442\u043e\u0439 \u0432 2015 \u0433\u043e\u0434\u0443 \u0445\u0430\u043a\u0442\u0438\u0432\u0438\u0441\u0442\u043e\u043c \u0424\u0438\u043d\u0435\u0430\u0441\u043e\u043c \u0424\u0438\u0448\u0435\u0440\u043e\u043c \u043f\u0435\u0440\u0435\u043f\u0438\u0441\u043a\u0435 \u0437\u0430\u043a\u0440\u044b\u0442\u043e\u0439 \u043d\u044b\u043d\u0435 \u0438\u0442\u0430\u043b\u044c\u044f\u043d\u0441\u043a\u043e\u0439 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438 Hacking Team. \u0422\u043e \u0435\u0441\u0442\u044c \u0448\u0435\u0441\u0442\u044c \u043b\u0435\u0442 \u0441\u043f\u0435\u0446\u0441\u043b\u0443\u0436\u0431\u044b \u0432\u0441\u0435\u0433\u043e \u043c\u0438\u0440\u0430, \u043a\u043e\u0442\u043e\u0440\u044b\u043c \u0438\u0442\u0430\u043b\u044c\u044f\u043d\u0446\u044b \u043f\u0440\u043e\u0434\u0430\u0432\u0430\u043b\u0438 \u0441\u0432\u043e\u0438 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u043a\u0438, \u043c\u043e\u0433\u043b\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c CVE-2020-14871 \u0432 \u0441\u0432\u043e\u0438\u0445 \u0430\u0442\u0430\u043a\u0430\u0445.\n\nHacking Team, \u043e\u0441\u043d\u043e\u0432\u0430\u043d\u043d\u0430\u044f \u0432 2003 \u0433\u043e\u0434\u0443, \u0431\u044b\u043b\u0430 \u043f\u0438\u043e\u043d\u0435\u0440\u043e\u043c \u043d\u0430 \u0440\u044b\u043d\u043a\u0435 \u043b\u0435\u0433\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u0432\u0437\u043b\u043e\u043c\u0430, \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u044f \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u044b \u0434\u043b\u044f \u0432\u0437\u043b\u043e\u043c\u0430 \u0438 \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u043d\u0438\u044f \u041f\u041a \u0438 \u043c\u043e\u0431\u0438\u043b\u044c\u043d\u044b\u0445 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432 \u0438 \u043f\u0440\u043e\u0434\u0430\u0432\u0430\u044f \u0438\u0445 \u043f\u0440\u0430\u0432\u043e\u043e\u0445\u0440\u0430\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u043c \u043e\u0440\u0433\u0430\u043d\u0430\u043c \u0438 \u0441\u043f\u0435\u0446\u0441\u043b\u0443\u0436\u0431\u0430\u043c. \u041a\u043e\u043c\u043f\u0430\u043d\u0438\u044f \u0431\u044b\u0441\u0442\u0440\u043e \u0432\u044b\u0448\u043b\u0430 \u0437\u0430 \u043f\u0440\u0435\u0434\u0435\u043b\u044b \u043d\u0430\u0446\u0438\u043e\u043d\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u0440\u044b\u043d\u043a\u0430 \u0438 \u043d\u0430 \u0441\u0432\u043e\u0435\u0439 \u0432\u0435\u0440\u0448\u0438\u043d\u0435 \u0432 2015 \u0433\u043e\u0434\u0443 \u043f\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u043b\u0430 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0435 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u044b \u0432 41 \u0441\u0442\u0440\u0430\u043d\u0443.\n\n\u0422\u0435\u043f\u0435\u0440\u044c \u0432\u044b \u0438\u043c\u0435\u0435\u0442\u0435 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u0441\u043a\u043e\u043b\u044c\u043a\u043e \u043c\u043e\u0433\u0443\u0442 \u0436\u0438\u0442\u044c 0-day \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u043a\u043e\u0442\u043e\u0440\u044b\u043c \u043f\u043e\u0434\u0432\u0435\u0440\u0436\u0435\u043d\u044b \u0434\u0435\u0441\u044f\u0442\u043a\u0438 \u0442\u044b\u0441\u044f\u0447 \u0441\u0438\u0441\u0442\u0435\u043c, \u0438 \u043a\u0430\u043a \u043e\u043d\u0438 \u043c\u043e\u0433\u0443\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c\u0441\u044f.", "creation_timestamp": "2020-11-05T19:00:33.000000Z"}, {"uuid": "dff4d6be-4add-4c2f-a957-1881d93d0a6b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-14871", "type": "seen", "source": "https://t.me/true_secator/1110", "content": "\u0414\u0430\u0432\u043d\u0435\u043d\u044c\u043a\u043e \u043d\u0435 \u0432\u0438\u0434\u0435\u043b\u0438 \u043c\u044b \u0438\u043d\u0442\u0435\u0440\u0435\u0441\u043d\u044b\u0445 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u0439 \u043e\u0442 \u0430\u043c\u0435\u0440\u0438\u043a\u0430\u043d\u0446\u0435\u0432 \u0438\u0437 \u0433\u0440\u0443\u043f\u043f\u044b Mandiat \u0438\u043d\u0444\u043e\u0441\u0435\u043a \u0432\u0435\u043d\u0434\u043e\u0440\u0430 FireEye. \u0418 \u0432\u043e\u0442 \u0432\u044b\u0448\u0435\u043b \u043e\u0431\u0437\u043e\u0440 \u043f\u0440\u043e \u043d\u043e\u0432\u0443\u044e \u0445\u0430\u043a\u0435\u0440\u0441\u043a\u0443\u044e \u0433\u0440\u0443\u043f\u043f\u0443, \u043a\u043e\u0442\u043e\u0440\u0443\u044e \u0440\u0435\u0441\u0435\u0440\u0447\u0435\u0440\u044b \u043e\u0431\u043e\u0437\u043d\u0430\u0447\u0438\u043b\u0438 \u043a\u0430\u043a UNC1945. \u0410 \u0433\u0440\u0443\u043f\u043f\u0430 - \u0441\u043a\u0438\u043b\u043b\u043e\u0432\u0430\u043d\u043d\u0430\u044f \u0438 \u0432\u043e\u043e\u0440\u0443\u0436\u0435\u043d\u043d\u0430\u044f 0-day \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430\u043c\u0438.\n\n\u0412\u043f\u0435\u0440\u0432\u044b\u0435 FireEye \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0430 UNC1945 \u0432 \u0441\u0435\u0440\u0435\u0434\u0438\u043d\u0435 2020 \u0433\u043e\u0434\u0430, \u0445\u043e\u0442\u044f \u0435\u0435 \u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0441\u0442\u044c \u043d\u0430\u0447\u0438\u043d\u0430\u0435\u0442\u0441\u044f \u043a\u0430\u043a \u043c\u0438\u043d\u0438\u043c\u0443\u043c \u0441 \u043a\u043e\u043d\u0446\u0430 2018. \u041e\u0441\u043d\u043e\u0432\u043d\u044b\u043c\u0438 \u0446\u0435\u043b\u044f\u043c\u0438 \u0445\u0430\u043a\u0435\u0440\u043e\u0432 \u044f\u0432\u043b\u044f\u044e\u0442\u0441\u044f \u0442\u0435\u043b\u0435\u043a\u043e\u043c\u043c\u0443\u043d\u0438\u043a\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0435 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0444\u0438\u043d\u0430\u043d\u0441\u044b \u0438 \u043a\u043e\u043d\u0441\u0430\u043b\u0442\u0438\u043d\u0433.\n\n\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0438 \u043a\u0430\u043a \u043c\u0438\u043d\u0438\u043c\u0443\u043c \u0434\u0432\u0430 \u0444\u0430\u043a\u0442\u0430 \u0432\u0437\u043b\u043e\u043c\u0430 \u0445\u0430\u043a\u0435\u0440\u0430\u043c\u0438 \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u0432 \u043f\u043e\u0434 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435\u043c \u041e\u0421 Solaris \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430 EVILSUN \u0440\u0430\u043d\u0435\u0435 \u043d\u0435\u0438\u0437\u0432\u0435\u0441\u0442\u043d\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u043e\u043b\u0443\u0447\u0438\u043b\u0430 \u043d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 CVE-2020-14871 \u0438 \u0441 \u043f\u043e\u0434\u0430\u0447\u0438 FireEye \u0431\u044b\u043b\u0430 \u0437\u0430\u043a\u0440\u044b\u0442\u0430 \u0432 \u043e\u043a\u0442\u044f\u0431\u0440\u0435 Oracle, \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b.\n\n\u0420\u0435\u0441\u0435\u0440\u0447\u0435\u0440\u044b \u043f\u043e\u043b\u0430\u0433\u0430\u044e\u0442, \u0447\u0442\u043e \u0434\u0430\u043d\u043d\u044b\u0435 \u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0431\u044b\u043b\u0438 \u043a\u0443\u043f\u043b\u0435\u043d\u044b UNC1945 \u043d\u0430 \u0447\u0435\u0440\u043d\u043e\u043c \u0440\u044b\u043d\u043a\u0435, \u043f\u043e\u0441\u043a\u043e\u043b\u044c\u043a\u0443 \u043f\u0440\u0435\u0434\u043b\u043e\u0436\u0435\u043d\u0438\u0435 \u043e \u043f\u0440\u043e\u0434\u0430\u0436\u0435 \"\u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u0434\u043b\u044f Oracle Solaris\" \u043f\u043e\u044f\u0432\u0438\u043b\u043e\u0441\u044c \u043d\u0430 \u043e\u0434\u043d\u043e\u043c \u0438\u0437 \u0445\u0430\u043a\u0435\u0440\u0441\u043a\u0438\u0445 \u0444\u043e\u0440\u0443\u043c\u043e\u0432 \u0432 \u0430\u043f\u0440\u0435\u043b\u0435 2020 \u0433\u043e\u0434\u0430 \u043f\u043e \u0446\u0435\u043d\u0435 \u0432 3000 \u0434\u043e\u043b\u043b\u0430\u0440\u043e\u0432. \u0421 \u0434\u0440\u0443\u0433\u043e\u0439 \u0441\u0442\u043e\u0440\u043e\u043d\u044b UNC1945 \u0432\u0437\u043b\u0430\u043c\u044b\u0432\u0430\u043b\u0438 Solaris, \u0441\u043a\u043e\u0440\u0435\u0435 \u0432\u0441\u0435\u0433\u043e, \u0435\u0449\u0435 \u0441 \u043a\u043e\u043d\u0446\u0430 2018 \u0433\u043e\u0434\u0430.\n\n\u0425\u0430\u043a\u0435\u0440\u0441\u043a\u0430\u044f \u0433\u0440\u0443\u043f\u043f\u0430, \u043f\u043e \u0441\u043b\u043e\u0432\u0430\u043c FireEye, \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u0432\u0435\u0441\u044c\u043c\u0430 \u043f\u0440\u043e\u0434\u0432\u0438\u043d\u0443\u0442\u043e\u0439. \u0418\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u0439 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u0430\u0440\u0438\u0439 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 \u0441\u043e\u0431\u043e\u0439 \u0441\u043e\u0432\u043e\u043a\u0443\u043f\u043d\u043e\u0441\u0442\u044c \u0430\u0432\u0442\u043e\u0440\u0441\u043a\u0438\u0445 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043e\u0432 \u0438 \u043e\u0431\u0449\u0435\u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0433\u043e \u041f\u041e, \u043d\u0430\u043f\u0440\u0438\u043c\u0435\u0440 Mimikatz. \u0418\u0445 \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u044f \u043f\u043e \u0432\u0437\u043b\u043e\u043c\u0443 \u0441\u0435\u0442\u0435\u0439, \u0438\u0445 \u0434\u0430\u043b\u044c\u043d\u0435\u0439\u0448\u0435\u0439 \u0440\u0430\u0437\u0432\u0435\u0434\u043a\u0438, \u0431\u043e\u043a\u043e\u0432\u043e\u043c\u0443 \u043f\u0435\u0440\u0435\u043c\u0435\u0449\u0435\u043d\u0438\u044e, \u0442\u0443\u043d\u043d\u0435\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044e \u043a\u0430\u043d\u0430\u043b\u0430 \u0441\u0432\u044f\u0437\u0438 \u0441 \u0443\u043f\u0440\u0430\u0432\u043b\u044f\u044e\u0449\u0438\u043c\u0438 \u0446\u0435\u043d\u0442\u0440\u0430\u043c\u0438 \u0438 \u043f\u0440. \u044f\u0432\u043b\u044f\u044e\u0442\u0441\u044f \u043f\u0440\u043e\u0444\u0435\u0441\u0441\u0438\u043e\u043d\u0430\u043b\u044c\u043d\u044b\u043c\u0438 \u0438 \u0432\u044b\u0432\u0435\u0440\u0435\u043d\u043d\u044b\u043c\u0438. \u041e\u043d\u0438 \u043f\u0440\u043e\u0434\u0435\u043c\u043e\u043d\u0441\u0442\u0440\u0438\u0440\u043e\u0432\u0430\u043b\u0438 \u0441\u043f\u043e\u0441\u043e\u0431\u043d\u043e\u0441\u0442\u044c \u044d\u0444\u0444\u0435\u043a\u0442\u0438\u0432\u043d\u043e \u0440\u0430\u0431\u043e\u0442\u0430\u0442\u044c \u043a\u0430\u043a \u0441 \u0441\u0438\u0441\u0442\u0435\u043c\u0430\u043c\u0438 \u043f\u043e\u0434 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435\u043c Windows, \u0442\u0430\u043a \u0438 \u043f\u043e\u0434 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435\u043c NIX.\n\n\u0412 \u043d\u0435\u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u0441\u043b\u0443\u0447\u0430\u044f\u0445 \u0445\u0430\u043a\u0435\u0440\u044b \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0438 \u0441\u0431\u043e\u0440\u043a\u0438 \u043d\u0430 \u043e\u0441\u043d\u043e\u0432\u0435 \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u043e\u0439 \u043c\u0430\u0448\u0438\u043d\u044b QEMU, \u0432 \u043a\u043e\u0442\u043e\u0440\u0443\u044e \u0432\u0445\u043e\u0434\u0438\u043b\u0438 \u041e\u0421 Tiny Core Linux \u0438 \u043d\u0430\u0431\u043e\u0440 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0445 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u043e\u0432.\n\n\u0422\u0435\u043c \u043d\u0435 \u043c\u0435\u043d\u0435\u0435, \u043d\u0435\u0441\u043c\u043e\u0442\u0440\u044f \u043d\u0430 \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u044f FireEye \u043e \u043d\u0435\u043e\u0434\u043d\u043e\u043a\u0440\u0430\u0442\u043d\u043e \u0437\u0430\u0444\u0438\u043a\u0441\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0445 \u0432\u0437\u043b\u043e\u043c\u0430\u0445 \u0441\u043e \u0441\u0442\u043e\u0440\u043e\u043d\u044b UNC1945, \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u043d\u0435 \u0441\u043c\u043e\u0433\u043b\u0438 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u0442\u044c \u043a\u0430\u043a\u0443\u044e-\u043b\u0438\u0431\u043e \u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0441\u0442\u044c \u0445\u0430\u043a\u0435\u0440\u043e\u0432 \u043f\u043e \u0441\u0431\u043e\u0440\u0443 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u0438\u0437 \u0441\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0445 \u0441\u0435\u0442\u0435\u0439. \u0412 \u043e\u0434\u043d\u043e\u043c \u0441\u043b\u0443\u0447\u0430\u0435 \u043e\u043d\u0438 \u0432\u044b\u044f\u0432\u0438\u043b\u0438 \u0440\u0430\u0437\u0432\u0435\u0440\u0442\u044b\u0432\u0430\u043d\u0438\u0435 \u0432\u043e \u0432\u0437\u043b\u043e\u043c\u0430\u043d\u043d\u043e\u0439 \u0441\u0435\u0442\u0438 ransomware ROLLCOAST, \u043d\u043e \u0441\u0432\u044f\u0437\u044b\u0432\u0430\u044e\u0442 \u044d\u0442\u043e \u0441 \u0442\u0435\u043c, \u0447\u0442\u043e \u0445\u0430\u043a\u0435\u0440\u044b \u043f\u0440\u043e\u0434\u0430\u043b\u0438 \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u0441\u0442\u043e\u0440\u043e\u043d\u043d\u0435\u043c\u0443 \u0430\u043a\u0442\u043e\u0440\u0443.\n\n\u0427\u0442\u043e \u0436\u0435 \u0432 \u043e\u0441\u0442\u0430\u0442\u043a\u0435. \u0415\u0441\u043b\u0438 \u0431\u044b \u043d\u0435 \u0444\u0430\u043a\u0442 \u043f\u0440\u043e\u0434\u0430\u0436\u0438 \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043e\u043f\u0435\u0440\u0430\u0442\u043e\u0440\u0443 ransomware, \u0442\u043e \u043c\u044b \u0431\u044b \u043f\u0440\u0435\u0434\u043f\u043e\u043b\u043e\u0436\u0438\u043b\u0438, \u0447\u0442\u043e \u0430\u043c\u0435\u0440\u0438\u043a\u0430\u043d\u0446\u044b \u043d\u0430\u0442\u043a\u043d\u0443\u043b\u0438\u0441\u044c \u043d\u0430 \u043d\u043e\u0432\u0443\u044e \u043f\u0440\u043e\u0433\u043e\u0441\u0443\u0434\u0430\u0440\u0441\u0442\u0432\u0435\u043d\u043d\u0443\u044e APT, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u0440\u043e\u0432\u043e\u0434\u0438\u0442 \u0432\u0437\u043b\u043e\u043c\u044b \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u0432 \u0441 \u0446\u0435\u043b\u044c\u044e \u0441\u0431\u043e\u0440\u0430 \u043c\u0430\u0441\u0441\u0438\u0432\u043e\u0432 \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445. \u0410 \u0442\u0430\u043a - \u043f\u043e \u0432\u0441\u0435\u0439 \u0432\u0438\u0434\u0438\u043c\u043e\u0441\u0442\u0438 \u044d\u0442\u043e \u0447\u0438\u0441\u0442\u043e \u043a\u043e\u043c\u043c\u0435\u0440\u0447\u0435\u0441\u043a\u0430\u044f \u0433\u0440\u0443\u043f\u043f\u0430, \u043a\u043e\u0442\u043e\u0440\u0430\u044f, \u0442\u0435\u043c \u043d\u0435 \u043c\u0435\u043d\u0435\u0435, \u0440\u0430\u0431\u043e\u0442\u0430\u0435\u0442 \u043f\u0440\u043e\u0444\u0435\u0441\u0441\u0438\u043e\u043d\u0430\u043b\u044c\u043d\u043e \u0438 \u0441\u043a\u0440\u044b\u0442\u043d\u043e. \u0418 \u0441 \u043d\u0435\u043f\u043e\u043d\u044f\u0442\u043d\u043e\u0439 \u043f\u043e\u043a\u0430 \u0446\u0435\u043b\u044c\u044e.", "creation_timestamp": "2020-11-03T11:47:22.000000Z"}, {"uuid": "4eefc2cf-efd1-4f27-b7d8-161cfecfadf0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-14871", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/5060", "content": "#exploit\n1. CVE 2020-14871:\nSun Solaris PoC Exploit\nhttps://github.com/robidev/CVE-2020-14871-Exploit\n\n2. CVE-2021-45105: \nDoS via Uncontrolled Recursion in Log4j Strsubstitutor\nhttps://www.zerodayinitiative.com/blog/2021/12/17/cve-2021-45105-denial-of-service-via-uncontrolled-recursion-in-log4j-strsubstitutor", "creation_timestamp": "2021-12-26T14:22:34.000000Z"}]}