{"vulnerability": "CVE-2021-21972", "sightings": [{"uuid": "55cf0785-417e-430a-ac81-aefbc22371d0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-21972", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2021-11-20T09:53:52.000000Z"}, {"uuid": "2d2e421f-7cef-4658-b490-cacac421dbae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-21972", "type": "seen", "source": "MISP/f5030aca-7d5a-43a4-ae03-8f4ac8e85422", "content": "", "creation_timestamp": "2021-11-08T08:58:20.000000Z"}, {"uuid": "56935723-d7cc-4161-aabe-f7f6bc7b5ccd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-21972", "type": "seen", "source": "MISP/f5a2b241-a2c4-45f6-91ae-cb88bf44dfbf", "content": "", "creation_timestamp": "2021-02-25T09:32:59.000000Z"}, {"uuid": "5ef75670-06a8-45d3-a61a-50e97c9d1a05", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-21972", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/2970895", "content": "", "creation_timestamp": "2024-12-24T20:21:23.876124Z"}, {"uuid": "6b97836b-3630-4537-9a15-f2f24464f78e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-21972", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:44.000000Z"}, {"uuid": "be926bb4-d03d-4bfd-a56c-ee2a90fd2333", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-21972", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-02-07)", "content": "", "creation_timestamp": "2025-02-07T00:00:00.000000Z"}, {"uuid": "7c8a9993-0035-496f-bb88-8a17a6d14e24", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-21972", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:10:34.000000Z"}, {"uuid": "36198487-e9d5-4ffa-9968-08fd20e4468f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-21972", "type": "seen", "source": "https://poliverso.org/objects/0477a01e-79593b2a-140b443d34926bc8", "content": "", "creation_timestamp": "2025-05-31T06:54:23.083640Z"}, {"uuid": "cd68f61e-f390-4164-860f-4430a19853c6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-21972", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-03-12)", "content": "", "creation_timestamp": "2025-03-12T00:00:00.000000Z"}, {"uuid": "6f1f8a44-48a4-4f0e-8135-bffaf38e9586", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-21972", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-04-16)", "content": "", "creation_timestamp": "2025-04-16T00:00:00.000000Z"}, {"uuid": "a9503bfb-cd68-4086-8acc-6b99d2ba9d3c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-21972", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-02-14)", "content": "", "creation_timestamp": "2025-02-14T00:00:00.000000Z"}, {"uuid": "21a50b89-719a-4ecd-8536-9861687a43fc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-21972", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-03-07)", "content": "", "creation_timestamp": "2025-03-07T00:00:00.000000Z"}, {"uuid": "dc35f8ca-e04c-424e-a8f9-dd3c66916472", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-21972", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-02-23T02:09:52.000000Z"}, {"uuid": "09a72221-c966-4cef-ada0-2260f9561d77", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-21972", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-05-01)", "content": "", "creation_timestamp": "2025-05-01T00:00:00.000000Z"}, {"uuid": "a8bb31d1-434d-4860-b5d5-7ceb02b1fc65", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-21972", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-11-23)", "content": "", "creation_timestamp": "2025-11-23T00:00:00.000000Z"}, {"uuid": "fbc906d5-e8a4-48af-8d59-453ac5d91494", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-21972", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-05-08)", "content": "", "creation_timestamp": "2025-05-08T00:00:00.000000Z"}, {"uuid": "30870239-02bd-478d-8bae-7f4a55d44bef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-21972", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-11-20)", "content": "", "creation_timestamp": "2025-11-20T00:00:00.000000Z"}, {"uuid": "ecd75be1-afa9-486d-9b0d-06e081750341", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-21972", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-05-08)", "content": "", "creation_timestamp": "2025-05-08T00:00:00.000000Z"}, {"uuid": "f6ac0882-6720-4678-a8b0-f7a94af18c2c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-21972", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-07-23)", "content": "", "creation_timestamp": "2025-07-23T00:00:00.000000Z"}, {"uuid": "db16fdf7-0196-4f8b-a816-4a84359a0336", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-21972", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-07-25)", "content": "", "creation_timestamp": "2025-07-25T00:00:00.000000Z"}, {"uuid": "cac47366-8fdf-437f-bc0e-ae1fe51a9c78", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-21972", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-08-10)", "content": "", "creation_timestamp": "2025-08-10T00:00:00.000000Z"}, {"uuid": "6c78742e-bb87-42f1-b2b2-dfe54d3c82b8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-21972", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-03-08)", "content": "", "creation_timestamp": "2026-03-08T00:00:00.000000Z"}, {"uuid": "6abb979e-bf90-437c-a24b-f40dc16f2417", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-21972", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/vmware_vcenter_uploadova_rce.rb", "content": "", "creation_timestamp": "2021-03-08T14:08:22.000000Z"}, {"uuid": "8a50ba7a-af8f-48db-8696-aa8a86090d87", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-21972", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-12-12)", "content": "", "creation_timestamp": "2025-12-12T00:00:00.000000Z"}, {"uuid": "8edb0fa9-871a-42e0-a3ac-7fef4da8ea32", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2021-21972", "type": "seen", "source": "https://www.govcert.gov.hk/en/alerts_detail.php?id=553", "content": "", "creation_timestamp": "2021-02-24T04:00:00.000000Z"}, {"uuid": "6317b4c2-3a4f-4157-938f-d394b368ef67", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-21972", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-03-26)", "content": "", "creation_timestamp": "2026-03-26T00:00:00.000000Z"}, {"uuid": "3c7700a6-ce60-4167-982b-133deeaae157", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-21972", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-12-30)", "content": "", "creation_timestamp": "2025-12-30T00:00:00.000000Z"}, {"uuid": "0ba791d5-97eb-4cfa-b5f0-77124701b03b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2021-21972", "type": "seen", "source": "https://www.kyberturvallisuuskeskus.fi/fi/haavoittuvuuksia-vmwaren-tuotteissa-paivita-heti", "content": "", "creation_timestamp": "2021-02-24T10:28:10.000000Z"}, {"uuid": "7d7aeecb-d6d7-4796-bcdd-f25851495917", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2021-21972", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/6dfe25d0-1f9e-4a1a-922c-d3d2eeaee3b1", "content": "", "creation_timestamp": "2026-02-02T12:29:07.188915Z"}, {"uuid": "71a9451f-dce3-4460-a694-470091c58fed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-21972", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-03-21)", "content": "", "creation_timestamp": "2026-03-21T00:00:00.000000Z"}, {"uuid": "3ab57639-f0c0-401d-92ed-ab907d2b8fec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-21972", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/637", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aCVE-2021-21972 \u2013 \u1d20\u1d0d\u1d21\u1d00\u0280\u1d07 \u1d04\u029f\u026a\u1d07\u0274\u1d1b \u1d1c\u0274\u1d00\u1d1c\u1d1b\u029c\u1d0f\u0280\u026a\u1d22\u1d07\u1d05 \u1d04\u1d0f\u1d05\u1d07 \u026a\u0274\u1d0a\u1d07\u1d04\u1d1b\u026a\u1d0f\u0274 (\u0280\u1d04\u1d07)\nURL\uff1ahttps://github.com/oxctdev/CVE-2021-21972", "creation_timestamp": "2021-10-03T23:05:42.000000Z"}, {"uuid": "49fca07e-390c-4fe9-bfed-07e70019ef0e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-21972", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/322", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aNSE scripts to detect CVE-2020-1350 SIGRED and CVE-2020-0796 SMBGHOST, CVE-2021-21972\nURL\uff1ahttps://github.com/psc4re/NSE-scripts", "creation_timestamp": "2021-08-16T16:29:55.000000Z"}, {"uuid": "972b5622-5452-4957-ad2c-a5db421f813b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-21972", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-04-16)", "content": "", "creation_timestamp": "2026-04-16T00:00:00.000000Z"}, {"uuid": "4d21a8f5-6c39-4723-bc65-14e8f404607f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-21972", "type": "published-proof-of-concept", "source": "https://t.me/cKure/8210", "content": "\u25a0\u25a0\u25a1\u25a1\u25a1 CVE-2021-21972\n\nhttps://github.com/NS-Sp4ce/CVE-2021-21972", "creation_timestamp": "2021-11-25T15:47:05.000000Z"}, {"uuid": "c2c5bf60-fd44-41b5-a9b3-fd8913f2a047", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-21972", "type": "published-proof-of-concept", "source": "https://t.me/cKure/4073", "content": "\u25a0\u25a0\u25a0\u25a0\u25a1 Alleged PoC (untested) for CVE-2021-21972.\n\nhttps://github.com/QmF0c3UK/CVE-2021-21972-vCenter-6.5-7.0-RCE-POC/blob/main/CVE-2021-21972.py", "creation_timestamp": "2021-02-24T12:24:49.000000Z"}, {"uuid": "cacf1d67-5ce4-43ca-a9a2-cea213ed7020", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-21972", "type": "seen", "source": "https://t.me/cKure/4072", "content": "\u25a0\u25a1\u25a1\u25a1\u25a1 Shodan query for CVE-2021-21972: https://www.shodan.io/search?query=http.title%3A%22ID_VC_Welcome%22", "creation_timestamp": "2021-02-24T12:21:11.000000Z"}, {"uuid": "ca489c81-ffa9-4f9f-93b5-a63d48ef855d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-21972", "type": "seen", "source": "https://t.me/cKure/4071", "content": "\u25a0\u25a0\u25a0\u25a1\u25a1 #1day: CVE-2021-21972\n\nhttps://www.vmware.com/security/advisories/VMSA-2021-0002.html", "creation_timestamp": "2021-02-24T12:15:42.000000Z"}, {"uuid": "3bde8b1c-c9ea-433a-bba1-8875f76fb81c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-21972", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/5282", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1awebshell\n\u63cf\u8ff0\uff1a\u4e00\u6b3e\u9488\u5bf9Vcenter\u7684\u7efc\u5408\u5229\u7528\u5de5\u5177\uff0c\u5305\u542b\u76ee\u524d\u6700\u4e3b\u6d41\u7684CVE-2021-21972\u3001CVE-2021-21985\u4ee5\u53caCVE-2021-22005\u3001One Access\u7684CVE-2022-22954\u3001CVE-2022-22972/31656\u4ee5\u53calog4j\uff0c\u63d0\u4f9b\u4e00\u952e\u4e0a\u4f20webshell\uff0c\u547d\u4ee4\u6267\u884c\u6216\u8005\u4e0a\u4f20\u516c\u94a5\u4f7f\u7528SSH\u514d\u5bc6\u8fde\u63a5\nURL\uff1ahttps://github.com/Schira4396/VcenterKiller\n\n\u6807\u7b7e\uff1a#webshell", "creation_timestamp": "2023-10-05T03:18:09.000000Z"}, {"uuid": "13216f89-6e98-4584-b446-17239ddbadfb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-21972", "type": "published-proof-of-concept", "source": "Telegram/VmmnaWjLVLOKJxZI_hi7COzQiVloRn9Glc-UE2iEfwDfsVQ", "content": "", "creation_timestamp": "2021-02-24T22:29:01.000000Z"}, {"uuid": "15395bc5-f34e-43e7-9f8b-87862f2930fd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-21972", "type": "published-proof-of-concept", "source": "https://t.me/infobes/286", "content": "\u041f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0435 \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 RCE \u0432 VMware vCenter (CVE-2021-21972, CVE-2021-21973) \u043e\u0442 Positive Technologies.\nhttps://swarm.ptsecurity.com/unauth-rce-vmware/\n#RCE", "creation_timestamp": "2021-02-25T05:56:04.000000Z"}, {"uuid": "840f8548-b178-42b5-9b3a-6f8875ca5e85", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-21972", "type": "published-proof-of-concept", "source": "https://t.me/anwar1213xx/1357", "content": "CVE-2021-21972\n\nhttps://github.com/NS-Sp4ce/CVE-2021-21972", "creation_timestamp": "2021-11-25T12:20:02.000000Z"}, {"uuid": "1bf7ed04-5528-41db-a172-a79800e2382b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-21972", "type": "seen", "source": "https://t.me/ctinow/29306", "content": "Thousands of VMware Center servers exposed online and potentially vulnerable to CVE-2021-21972 flaw\n\nhttps://ift.tt/3qTkKLf", "creation_timestamp": "2021-02-25T14:07:17.000000Z"}, {"uuid": "bf57c952-fc7a-45f9-8c6e-f194d71f3dd2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-21972", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/878", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aCVE-2021-21972 Exploit\nURL\uff1ahttps://github.com/NS-Sp4ce/CVE-2021-21972", "creation_timestamp": "2021-11-25T06:58:14.000000Z"}, {"uuid": "e83157e1-5d4d-4916-8637-792618c7b2bb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-21972", "type": "exploited", "source": "https://t.me/true_secator/6246", "content": "\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0438\u0437 \u041b\u0430\u0431\u043e\u0440\u0430\u0442\u043e\u0440\u0438\u0438 \u041a\u0430\u0441\u043f\u0435\u0440\u0441\u043a\u043e\u0433\u043e \u0441\u043e\u043e\u0431\u0449\u0430\u044e\u0442 \u043e \u0432\u043e\u0437\u0432\u0440\u0430\u0449\u0435\u043d\u0438\u0438 \u043f\u0440\u043e\u0443\u043a\u0440\u0430\u0438\u043d\u0441\u043a\u043e\u0439 \u0445\u0430\u043a\u0435\u0440\u0441\u043a\u043e\u0439 \u0433\u0440\u0443\u043f\u043f\u044b\u00a0TWELVE, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043e\u0442\u043c\u0435\u0442\u0438\u043b\u0430\u0441\u044c \u043d\u043e\u0432\u044b\u043c\u0438 \u0440\u0430\u0437\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u043c\u0438 ransomware-\u0430\u0442\u0430\u043a\u0430\u043c\u0438 \u043d\u0430 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0435 \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0438.\n\n\u0413\u0440\u0443\u043f\u043f\u0430 \u043d\u0430\u0447\u0430\u043b\u0430 \u0441\u0432\u043e\u044e \u0434\u0435\u044f\u0442\u0435\u043b\u044c\u043d\u043e\u0441\u0442\u044c \u0432 \u0430\u043f\u0440\u0435\u043b\u0435 2023 \u0433\u043e\u0434\u0430, \u043d\u043e \u043f\u043e\u0441\u043b\u0435 \u0431\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u043a\u0438 \u0435\u0435 \u043a\u0430\u043d\u0430\u043b\u0430 \u0432 Telegram \u0432 \u043d\u0430\u0447\u0430\u043b\u0435 2024 \u0433\u043e\u0434\u0430 \u0443\u0448\u043b\u0430 \u0432 \u0442\u0435\u043d\u044c.\n\n\u0422\u0435\u043c \u043d\u0435 \u043c\u0435\u043d\u0435\u0435 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u041b\u041a \u0437\u0430\u0434\u0435\u0442\u0435\u043a\u0442\u0438\u043b\u0438 \u0441\u043b\u0435\u0434\u044b \u0430\u0442\u0430\u043a \u0433\u0440\u0443\u043f\u043f\u044b \u0432 \u043d\u0435\u0434\u0430\u0432\u043d\u0438\u0445 \u0432\u0442\u043e\u0440\u0436\u0435\u043d\u0438\u044f\u0445, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0438\u043c\u0435\u043b\u0438 \u043c\u0435\u0441\u0442\u043e \u0432 \u0438\u044e\u043d\u0435.\n\n\u0412\u043c\u0435\u0441\u0442\u043e \u0442\u043e\u0433\u043e \u0447\u0442\u043e\u0431\u044b \u0442\u0440\u0435\u0431\u043e\u0432\u0430\u0442\u044c \u0432\u044b\u043a\u0443\u043f \u0437\u0430 \u0440\u0430\u0441\u0448\u0438\u0444\u0440\u043e\u0432\u043a\u0443 \u0434\u0430\u043d\u043d\u044b\u0445, Twelve \u043f\u0440\u0435\u0434\u043f\u043e\u0447\u0438\u0442\u0430\u0435\u0442 \u0448\u0438\u0444\u0440\u043e\u0432\u0430\u0442\u044c \u0434\u0430\u043d\u043d\u044b\u0435 \u0436\u0435\u0440\u0442\u0432, \u0430 \u0437\u0430\u0442\u0435\u043c \u0443\u043d\u0438\u0447\u0442\u043e\u0436\u0430\u0442\u044c \u0438\u0445 \u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0443 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0432\u0430\u0439\u043f\u0435\u0440\u0430, \u0447\u0442\u043e\u0431\u044b \u043f\u0440\u0435\u0434\u043e\u0442\u0432\u0440\u0430\u0442\u0438\u0442\u044c \u0432\u043e\u0441\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435.\n\n\u041f\u0440\u0438\u0447\u0435\u043c \u043d\u043e\u0432\u044b\u0435 \u0430\u0440\u0442\u0435\u0444\u0430\u043a\u0442\u044b \u0442\u0430\u043a\u0436\u0435 \u0441\u0432\u0438\u0434\u0435\u0442\u0435\u043b\u044c\u0441\u0442\u0432\u0443\u044e\u0442 \u043e \u0442\u043e\u043c, \u0447\u0442\u043e \u0433\u0440\u0443\u043f\u043f\u0430 \u0438\u043c\u0435\u0435\u0442 \u0441\u0445\u043e\u0436\u0438\u0435 \u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u043d\u044b\u0435 \u0438 \u0442\u0430\u043a\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u0445\u0430\u0440\u0430\u043a\u0442\u0435\u0440\u0438\u0441\u0442\u0438\u043a\u0438 \u0441 \u0434\u0440\u0443\u0433\u0438\u043c \u0441\u0443\u0431\u044a\u0435\u043a\u0442\u043e\u043c \u0443\u0433\u0440\u043e\u0437, \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u044b\u043c \u043a\u0430\u043a DARKSTAR (\u0430\u043a\u0430 Shadow \u0438\u043b\u0438 Comet), \u0442\u0430\u043a\u0436\u0435 \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0438\u043c \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0435 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438 \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c ransomware.\n\n\u041f\u0440\u0438 \u044d\u0442\u043e\u043c \u0435\u0441\u043b\u0438 \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u044f Twelve \u043d\u043e\u0441\u044f\u0442 \u044f\u0432\u043d\u043e \u0445\u0430\u043a\u0442\u0438\u0432\u0438\u0441\u0442\u0441\u043a\u0438\u0439 \u0445\u0430\u0440\u0430\u043a\u0442\u0435\u0440, \u0442\u043e DARKSTAR \u0447\u0435\u0442\u043a\u043e \u043f\u0440\u0438\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u0435\u0442\u0441\u044f \u043a\u043b\u0430\u0441\u0441\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u0441\u0445\u0435\u043c\u044b \u0434\u0432\u043e\u0439\u043d\u043e\u0433\u043e \u0432\u044b\u043c\u043e\u0433\u0430\u0442\u0435\u043b\u044c\u0441\u0442\u0432\u0430.\n\n\u0426\u0435\u043f\u043e\u0447\u043a\u0438 \u0430\u0442\u0430\u043a \u043d\u0430\u0447\u0438\u043d\u0430\u044e\u0442\u0441\u044f \u0441 \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u044f \u043d\u0430\u0447\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043f\u0443\u0442\u0435\u043c \u0437\u043b\u043e\u0443\u043f\u043e\u0442\u0440\u0435\u0431\u043b\u0435\u043d\u0438\u044f \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u043c\u0438 \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u044b\u043c\u0438 \u0438\u043b\u0438 \u0434\u043e\u043c\u0435\u043d\u043d\u044b\u043c\u0438 \u0443\u0447\u0435\u0442\u043d\u044b\u043c\u0438 \u0437\u0430\u043f\u0438\u0441\u044f\u043c\u0438, \u043f\u043e\u0441\u043b\u0435 \u0447\u0435\u0433\u043e \u0437\u0430\u0434\u0435\u0439\u0441\u0442\u0432\u0443\u0435\u0442\u0441\u044f RDP \u0434\u043b\u044f \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0433\u043e\u0440\u0438\u0437\u043e\u043d\u0442\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u043f\u0435\u0440\u0435\u043c\u0435\u0449\u0435\u043d\u0438\u044f.\n\n\u041f\u0440\u0438\u0447\u0435\u043c \u043d\u0435\u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0438\u0437 \u0430\u0442\u0430\u043a \u0442\u0430\u043a\u0436\u0435 \u0440\u0435\u0430\u043b\u0438\u0437\u0443\u044e\u0442\u0441\u044f \u0447\u0435\u0440\u0435\u0437 \u043f\u043e\u0434\u0440\u044f\u0434\u0447\u0438\u043a\u043e\u0432 \u0436\u0435\u0440\u0442\u0432\u044b.\n\n\u0422\u0430\u043a, \u043f\u043e\u0441\u043b\u0435 \u0442\u043e\u0433\u043e \u043a\u0430\u043a \u043e\u043d\u0438 \u043f\u043e\u043b\u0443\u0447\u0438\u043b\u0438 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0435 \u043f\u043e\u0434\u0440\u044f\u0434\u0447\u0438\u043a\u0430, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0438 \u0435\u0433\u043e \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442 \u0434\u043b\u044f \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u044f \u043a VPN \u0441\u0432\u043e\u0435\u0433\u043e \u043a\u043b\u0438\u0435\u043d\u0442\u0430.\n\n\u0421\u0440\u0435\u0434\u0438 \u0434\u0440\u0443\u0433\u0438\u0445 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u043e\u0432 \u0432 \u0430\u0440\u0441\u0435\u043d\u0430\u043b\u0435 Twelve: Cobalt Strike, Mimikatz, Chisel, BloodHound, PowerView, adPEAS, CrackMapExec, Advanced IP Scanner \u0438 PsExec. \u0412\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0435 RDP-\u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u044f \u043a \u0441\u0438\u0441\u0442\u0435\u043c\u0435 \u0442\u0443\u043d\u043d\u0435\u043b\u0438\u0440\u0443\u044e\u0442\u0441\u044f \u0447\u0435\u0440\u0435\u0437 ngrok.\n\n\u0422\u0430\u043a\u0436\u0435 \u0438\u043c\u0435\u044e\u0442\u0441\u044f PHP \u0432\u0435\u0431-\u043e\u0431\u043e\u043b\u043e\u0447\u043a\u0438 \u0441 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044f\u043c\u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0445 \u043a\u043e\u043c\u0430\u043d\u0434, \u043f\u0435\u0440\u0435\u043c\u0435\u0449\u0435\u043d\u0438\u044f \u0444\u0430\u0439\u043b\u043e\u0432 \u0438\u043b\u0438 \u043e\u0442\u043f\u0440\u0430\u0432\u043a\u0438 \u043f\u0438\u0441\u0435\u043c.\n\n\u0412\u00a0\u043e\u0434\u043d\u043e\u043c \u0438\u0437 \u0440\u0430\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u043d\u044b\u0445 \u041b\u041a \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u043e\u0432 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0438 \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 (\u043d\u0430\u043f\u0440\u0438\u043c\u0435\u0440, CVE-2021-21972 \u0438 CVE-2021-22005) \u0432 VMware vCenter \u0434\u043b\u044f \u0437\u0430\u0434\u0435\u0439\u0441\u0442\u0432\u043e\u0432\u0430\u043d\u0438\u044f\u00a0\u0432\u0435\u0431-\u043e\u0431\u043e\u043b\u043e\u0447\u043a\u0438, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0437\u0430\u0442\u0435\u043c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0430\u0441\u044c \u0434\u043b\u044f \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0438 \u0431\u044d\u043a\u0434\u043e\u0440\u0430 FaceFish.\n\n\u0427\u0442\u043e\u0431\u044b \u0437\u0430\u043a\u0440\u0435\u043f\u0438\u0442\u044c\u0441\u044f \u0432 \u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0435 \u0434\u043e\u043c\u0435\u043d\u0430, \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b PowerShell \u0434\u043b\u044f \u0434\u043e\u0431\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 \u0438 \u0433\u0440\u0443\u043f\u043f \u0434\u043e\u043c\u0435\u043d\u0430, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0434\u043b\u044f \u0438\u0437\u043c\u0435\u043d\u0435\u043d\u0438\u044f ACL \u0434\u043b\u044f \u043e\u0431\u044a\u0435\u043a\u0442\u043e\u0432 Active Directory.\n\n\u0414\u043b\u044f \u0441\u043e\u043a\u0440\u044b\u0442\u0438\u044f \u043e\u0442 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u044f \u0445\u0430\u043a\u0435\u0440\u044b \u043c\u0430\u0441\u043a\u0438\u0440\u043e\u0432\u0430\u043b\u0438 \u0441\u0432\u043e\u0438 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0435 \u041f\u041e \u0438 \u0437\u0430\u0434\u0430\u0447\u0438 \u043f\u043e\u0434 \u043d\u0430\u0437\u0432\u0430\u043d\u0438\u044f\u043c\u0438 \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u044e\u0449\u0438\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 \u0438\u043b\u0438 \u0443\u0441\u043b\u0443\u0433: Update Microsoft, Yandex, YandexUpdate \u0438 intel.exe.\n\n\u0410\u0442\u0430\u043a\u0438 \u0442\u0430\u043a\u0436\u0435 \u0445\u0430\u0440\u0430\u043a\u0442\u0435\u0440\u0438\u0437\u0443\u044e\u0442\u0441\u044f \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u0441\u043a\u0440\u0438\u043f\u0442\u0430 PowerShell (Sophos_kill_local.ps1) \u0434\u043b\u044f \u0437\u0430\u0432\u0435\u0440\u0448\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u043e\u0432, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u044b\u0445 \u0441 \u0437\u0430\u0449\u0438\u0442\u043d\u044b\u043c \u041f\u041e  Sophos \u043d\u0430 \u0441\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u043c \u0445\u043e\u0441\u0442\u0435.\n\n\u0417\u0430\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0435 \u044d\u0442\u0430\u043f\u044b \u043f\u043e\u0434\u0440\u0430\u0437\u0443\u043c\u0435\u0432\u0430\u044e\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u043f\u043b\u0430\u043d\u0438\u0440\u043e\u0432\u0449\u0438\u043a\u0430 \u0437\u0430\u0434\u0430\u0447 Windows \u0434\u043b\u044f \u0437\u0430\u043f\u0443\u0441\u043a\u0430 ransomware \u0438 \u0432\u0430\u0439\u043f\u0435\u0440\u043e\u0432, \u043d\u043e \u043f\u0435\u0440\u0435\u0434 \u044d\u0442\u0438\u043c \u043e\u043d\u0438 \u0441\u043e\u0431\u0438\u0440\u0430\u044e\u0442 \u0438 \u0438\u0437\u0432\u043b\u0435\u043a\u0430\u044e\u0442 \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u0443\u044e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e \u043e \u0441\u0432\u043e\u0438\u0445 \u0436\u0435\u0440\u0442\u0432\u0430\u0445 \u0447\u0435\u0440\u0435\u0437 \u0444\u0430\u0439\u043b\u043e\u043e\u0431\u043c\u0435\u043d\u043d\u044b\u0439 \u0441\u0435\u0440\u0432\u0438\u0441 DropMeFiles \u0432 \u0432\u0438\u0434\u0435 ZIP-\u0430\u0440\u0445\u0438\u0432\u043e\u0432.\n\n\u0414\u043b\u044f \u0448\u0438\u0444\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0434\u0430\u043d\u043d\u044b\u0445 TWELVE \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0438 \u0432\u0435\u0440\u0441\u0438\u044e \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u043e\u0433\u043e\u00a0\u0432\u0438\u0440\u0443\u0441\u0430-\u0432\u044b\u043c\u043e\u0433\u0430\u0442\u0435\u043b\u044f LockBit 3.0, \u0441\u043a\u043e\u043c\u043f\u0438\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u0443\u044e \u0438\u0437 \u0443\u0442\u0435\u043a\u0448\u0435\u0433\u043e \u0438\u0441\u0445\u043e\u0434\u043d\u043e\u0433\u043e \u043a\u043e\u0434\u0430.\n\n\u041f\u0435\u0440\u0435\u0434 \u043d\u0430\u0447\u0430\u043b\u043e\u043c \u0440\u0430\u0431\u043e\u0442\u044b \u0432\u0438\u0440\u0443\u0441-\u0432\u044b\u043c\u043e\u0433\u0430\u0442\u0435\u043b\u044c \u0437\u0430\u0432\u0435\u0440\u0448\u0430\u0435\u0442 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u044b, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043c\u043e\u0433\u0443\u0442 \u043f\u043e\u043c\u0435\u0448\u0430\u0442\u044c \u0448\u0438\u0444\u0440\u043e\u0432\u0430\u043d\u0438\u044e \u043e\u0442\u0434\u0435\u043b\u044c\u043d\u044b\u0445 \u0444\u0430\u0439\u043b\u043e\u0432.\n\n\u0412\u0430\u0439\u043f\u0435\u0440, \u0438\u0434\u0435\u043d\u0442\u0438\u0447\u043d\u044b\u0439 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u043c\u0443 \u041f\u041e\u00a0Shamoon, \u043f\u0435\u0440\u0435\u0437\u0430\u043f\u0438\u0441\u044b\u0432\u0430\u0435\u0442 MBR \u043d\u0430 \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0435\u043d\u043d\u044b\u0445 \u0434\u0438\u0441\u043a\u0430\u0445 \u0438 \u043f\u0435\u0440\u0435\u0437\u0430\u043f\u0438\u0441\u044b\u0432\u0430\u0435\u0442 \u0432\u0441\u0435 \u0441\u043e\u0434\u0435\u0440\u0436\u0438\u043c\u043e\u0435 \u0444\u0430\u0439\u043b\u043e\u0432 \u0441\u043b\u0443\u0447\u0430\u0439\u043d\u043e \u0441\u0433\u0435\u043d\u0435\u0440\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u043c\u0438 \u0431\u0430\u0439\u0442\u0430\u043c\u0438, \u0444\u0430\u043a\u0442\u0438\u0447\u0435\u0441\u043a\u0438 \u043d\u0435 \u0434\u043e\u043f\u0443\u0441\u043a\u0430\u044f \u0432\u043e\u0441\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0441\u0438\u0441\u0442\u0435\u043c\u044b.\n\n\u0412 \u0446\u0435\u043b\u043e\u043c, \u0433\u0440\u0443\u043f\u043f\u0430 \u043f\u0440\u0438\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u0435\u0442\u0441\u044f \u043e\u0431\u0449\u0435\u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0433\u043e \u0438 \u0437\u043d\u0430\u043a\u043e\u043c\u043e\u0433\u043e \u0430\u0440\u0441\u0435\u043d\u0430\u043b\u0430 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0445 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u043e\u0432, \u043d\u0438\u0447\u0435\u0433\u043e \u0441\u0432\u043e\u0435\u0433\u043e \u043d\u0435 \u0441\u043e\u0437\u0434\u0430\u0432\u0430\u044f, \u0447\u0442\u043e \u0438 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0432\u043e\u0432\u0440\u0435\u043c\u044f \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u0432\u0430\u0442\u044c \u0438 \u043b\u043e\u043a\u0430\u043b\u0438\u0437\u043e\u0432\u044b\u0432\u0430\u0442\u044c \u0430\u0442\u0430\u043a\u0438 Twelve.", "creation_timestamp": "2024-09-25T13:40:05.000000Z"}, {"uuid": "6c842a87-79dd-4436-a3ce-9a92bc565ebc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-21972", "type": "seen", "source": "Telegram/O1JBRp9X6VOvqJmefkKwtrSLLn8Mexx_eR4K9hqx8rRuW4pn", "content": "", "creation_timestamp": "2025-02-06T02:41:37.000000Z"}, {"uuid": "468b9f0b-b478-4695-985f-8fb6b80039bd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-21972", "type": "seen", "source": "https://t.me/arpsyndicate/893", "content": "#ExploitObserverAlert\n\nCVE-2021-21972\n\nDESCRIPTION: Exploit Observer has 132 entries related to CVE-2021-21972. The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. This affects VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2).\n\nFIRST-EPSS: 0.974020000\nNVD-IS: 5.9\nNVD-ES: 3.9", "creation_timestamp": "2023-12-02T03:44:03.000000Z"}, {"uuid": "c8391e38-9a15-4d77-82f0-e54579750a5a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-21972", "type": "published-proof-of-concept", "source": "Telegram/FCOppEE1snfxNKfXaD44vpAG7SdClp-dBtkWgvlb7BE7MQ", "content": "", "creation_timestamp": "2023-09-01T04:40:00.000000Z"}, {"uuid": "9448da8f-ef18-4ac0-a045-37a6933f0288", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-21972", "type": "published-proof-of-concept", "source": "Telegram/Pvc62A6r_tKsVoDhRH_qrfQGt4YUOpdlY0zgEts_t6sErQ", "content": "", "creation_timestamp": "2021-02-27T13:54:40.000000Z"}, {"uuid": "2b0183c2-8461-4af1-b4b4-b1d713544a55", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-21972", "type": "seen", "source": "https://t.me/arpsyndicate/1307", "content": "#ExploitObserverAlert\n\nCVE-2021-21972\n\nDESCRIPTION: Exploit Observer has 132 entries related to CVE-2021-21972. The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. This affects VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2).\n\nFIRST-EPSS: 0.974020000\nNVD-IS: 5.9\nNVD-ES: 3.9", "creation_timestamp": "2023-12-04T21:16:59.000000Z"}, {"uuid": "d5fe5dbe-a43e-4eb7-bffd-ac640735861c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-21972", "type": "published-proof-of-concept", "source": "https://t.me/hacker_trick/229", "content": "CVE-2021-21972 VMware vSphere Client Unauthorized File Upload to Remote Code Execution (RCE)\nhttps://github.com/oxctdev/CVE-2021-21972\n\nProof-of-Concept #poc script to #exploit Pulse Secure CVE-2021-22893\nhttps://github.com/oxctdev/CVE-2021-22893", "creation_timestamp": "2021-10-04T20:50:05.000000Z"}, {"uuid": "e1b0450e-0679-4844-9e2a-cb283b7e2d8c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-21972", "type": "published-proof-of-concept", "source": "https://t.me/hacker_trick/186", "content": "Latest Vulnerabilities and Exploits\n\nCVE-2021-3449 OpenSSL denial-of-service exploit\nhttps://github.com/terorie/cve-2021-3449\n\nProxyToken\nhttps://github.com/bhdresh/CVE-2021-33766-ProxyToken\n\nCVES Xstream-1.4.17\nhttps://github.com/zwjjustdoit/Xstream-1.4.17\n\nCVE-2021-36934/HiveNightmare/SeriousSAM\nhttps://github.com/cube0x0/CVE-2021-36934\n\nHow to exploit a vulnerable windows driver Exploit for AsrDrv104 sys\nhttps://github.com/stong/CVE-2020-15368\n\nCVE-2021-32537: an out-of-bounds memory access that leads to pool corruption in the Windows kernel\nhttps://github.com/0vercl0k/CVE-2021-32537\n\nCVE-2021-28476 a guest-to-host \"Hyper-V Remote Code Execution Vulnerability\" in vmswitch sys\nhttps://github.com/0vercl0k/CVE-2021-28476\n\nCVE-2021-40444 - Fully Weaponized Microsoft Office Word RCE Exploit\nhttps://github.com/klezVirus/CVE-2021-40444\n\nExploit Accsess network clients by sending packets in wirless TP-LINK and preparing for a mitm attack\nhttps://github.com/lhashashinl/CVE-2021-37152\n\nProof on Concept Exploit for CVE-2021-38647 (OMIGOD)\nhttps://github.com/horizon3ai/CVE-2021-38647\n\nProof of Concept Exploit for vCenter CVE-2021-21972\nhttps://github.com/horizon3ai/CVE-2021-21972\n\nProof-of-Concept (PoC) script to exploit Pulse Secure CVE-2021-22893\nhttps://github.com/ZephrFish/CVE-2021-22893\n\nCVE-2021-33766 (ProxyToken)\nhttps://github.com/demossl/CVE-2021-33766-ProxyToken\n\nCVE-2021-2456\nhttps://github.com/peterjson31337/CVE-2021-2456\n\nCVE-2021-38647 POC for RCE\nhttps://github.com/midoxnet/CVE-2021-38647\n\nCVE-2021-26084 (PoC) | Confluence Server Webwork OGNL injection\nhttps://github.com/alt3kx/CVE-2021-26084_PoC\nhttps://github.com/r0ckysec/CVE-2021-26084_Confluence\nhttps://github.com/march0s1as/CVE-2021-26084\n\n\nCVE-2021-21551 Dell Driver EoP\nhttps://github.com/ihack4falafel/Dell-Driver-EoP-CVE-2021-21551\n\nA basic PoC leak for CVE-2021-28663 (Internal of the Android kernel backdoor vulnerability)\nhttps://github.com/lntrx/CVE-2021-28663\n\nCVE-2021-40353 openSIS 8.0 SQL Injection\nhttps://github.com/5qu1n7/CVE-2021-40353\n\nCVE-2021-28476 Ubuntu 20.04\nhttps://github.com/sh4m2hwz/CVE-2021-28476-tools-env\n\nmy exp for chrome V8 CVE-2021-30551\nhttps://github.com/xmzyshypnc/CVE-2021-30551\n\nPOC of CVE-2021-2394\nhttps://github.com/lz2y/CVE-2021-2394\n\nWordPress Backup Guard Authenticated Remote Code Execution Exploit\nhttps://github.com/0dayNinja/CVE-2021-24155.rb\n\nExploit code for CVE-2021-33909,Just a dump of removed\nhttps://github.com/bbinfosec43/CVE-2021-33909", "creation_timestamp": "2021-09-18T23:06:09.000000Z"}, {"uuid": "cc1d9b6d-e33c-42ca-8a67-91c4034c4a67", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-21972", "type": "published-proof-of-concept", "source": "Telegram/wxnYNVsltG9eDjo4Ysc7LRGYEhb52IjQ7IeArUKmHe14xg", "content": "", "creation_timestamp": "2021-02-25T03:47:13.000000Z"}, {"uuid": "b50fe874-3269-4036-b0a1-09fbdb15ba30", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-21972", "type": "published-proof-of-concept", "source": "Telegram/-H0hRsVoeGQnCj8JUFLL9_uXEWVF-pVgluz0NuGQFNypaQ", "content": "", "creation_timestamp": "2021-03-03T14:59:28.000000Z"}, {"uuid": "eccdddb3-0a51-49ca-b0b4-97a823a61c06", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-21972", "type": "published-proof-of-concept", "source": "Telegram/ffmH8orvlYqLSErHcrzVedYrsYwqCHhdC48M0Bk78yBApw", "content": "", "creation_timestamp": "2021-02-25T03:46:53.000000Z"}, {"uuid": "610d9abc-280a-42b4-9918-9dda28375155", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-21972", "type": "exploited", "source": "https://t.me/true_secator/1464", "content": "\u041f\u043e\u0437\u0430\u0432\u0447\u0435\u0440\u0430 VMware \u043f\u043e\u0444\u0438\u043a\u0441\u0438\u043b\u0438 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0443\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2021-21972 \u0432 VMware vCenter, \u043a\u043e\u0442\u043e\u0440\u0443\u044e \u043e\u0442\u043a\u0440\u044b\u043b\u0438 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0438\u0437 Positive Technologies. \u041e\u0448\u0438\u0431\u043a\u0430 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u043b\u0430 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u043e\u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0438\u0442\u044c \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0435 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u043a\u043e\u0434\u0430 (RCE) \u0431\u0435\u0437 \u043f\u0440\u043e\u0445\u043e\u0436\u0434\u0435\u043d\u0438\u044f \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438.\n\n\u0410 \u0432\u0447\u0435\u0440\u0430 \u043a\u0438\u0442\u0430\u0439\u0446\u044b \u0438\u0437 Qihoo 360 \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043b\u0438 PoC \u043d\u043e\u0432\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0438 \u0442\u0435\u043c \u0441\u0430\u043c\u044b\u043c \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0438 \u0434\u0436\u0438\u043d\u0430 \u0438\u0437 \u0431\u0443\u0442\u044b\u043b\u043a\u0438.\n\nBad Packets \u0441\u0440\u0430\u0437\u0443 \u0436\u0435 \u0441\u043e\u043e\u0431\u0449\u0438\u043b\u0438 \u043e \u043c\u0430cc\u043e\u0432\u043e\u043c \u0441\u043a\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0438 \u0441\u0435\u0442\u0438 \u043d\u0430 \u043f\u0440\u0435\u0434\u043c\u0435\u0442 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0445 VMware vCenter \u0441\u043e \u0441\u0442\u043e\u0440\u043e\u043d\u044b \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u043e\u0432. \u0422\u0430\u043a\u043e\u0432\u044b\u0445 \u043d\u0430 \u0434\u0430\u043d\u043d\u044b\u0439 \u043c\u043e\u043c\u0435\u043d\u0442 \u043d\u0430\u0441\u0447\u0438\u0442\u044b\u0432\u0430\u0435\u0442\u0441\u044f \u0431\u043e\u043b\u0435\u0435 6 \u0442\u044b\u0441.\n\n\u0421 \u0443\u0447\u0435\u0442\u043e\u043c \u0442\u043e\u0433\u043e, \u0447\u0442\u043e VMware vCenter \u0441\u0442\u043e\u044f\u0442 \u043f\u0440\u0435\u0438\u043c\u0443\u0449\u0435\u0441\u0442\u0432\u0435\u043d\u043d\u043e \u0432 \u043a\u0440\u0443\u043f\u043d\u044b\u0445 \u043a\u043e\u0440\u043f\u043e\u0440\u0430\u0442\u0438\u0432\u043d\u044b\u0445 \u0441\u0435\u0442\u044f\u0445, \u0442\u043e \u0432 \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u0435 \u043f\u0440\u043e\u0438\u0441\u0445\u043e\u0434\u044f\u0449\u0435\u0433\u043e \u043c\u043d\u043e\u0433\u0438\u0435 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438 \u043c\u043e\u0433\u0443\u0442 \u0441\u0442\u0430\u0442\u044c \u0436\u0435\u0440\u0442\u0432\u0430\u043c\u0438 \u043e\u043f\u0435\u0440\u0430\u0442\u043e\u0440\u043e\u0432 ransomware. \u041e\u0434\u043d\u043e\u0433\u043e \u0434\u043d\u044f, \u043f\u0440\u043e\u0448\u0435\u0434\u0448\u0435\u0433\u043e \u0441 \u0432\u044b\u043f\u0443\u0441\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043e \u043f\u043e\u044f\u0432\u043b\u0435\u043d\u0438\u044f \u0432 \u0441\u0435\u0442\u0438 PoC \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u0431\u0435\u0437\u0443\u0441\u043b\u043e\u0432\u043d\u043e \u043c\u0430\u043b\u043e \u0434\u043b\u044f \u0442\u043e\u0433\u043e, \u0447\u0442\u043e\u0431\u044b \u0431\u041e\u043b\u044c\u0448\u0430\u044f \u0447\u0430\u0441\u0442\u044c VMware vCenter \u0431\u044b\u043b\u0430 \u043f\u0440\u043e\u043f\u0430\u0442\u0447\u0435\u043d\u0430.\n\n\u041e\u0441\u0442\u0430\u0435\u0442\u0441\u044f \u0432\u043e\u043f\u0440\u043e\u0441 - \u0447\u0435\u043c \u0440\u0443\u043a\u043e\u0432\u043e\u0434\u0441\u0442\u0432\u043e\u0432\u0430\u043b\u0438\u0441\u044c \u043a\u0438\u0442\u0430\u0439\u0441\u043a\u0438\u0435 \u0440\u0435\u0441\u0435\u0440\u0447\u0435\u0440\u044b, \u043a\u043e\u0433\u0434\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043b\u0438 \u0441\u0432\u043e\u0439 proof of concept.", "creation_timestamp": "2021-02-25T12:42:24.000000Z"}, {"uuid": "b9981212-3f1e-4f4d-8fbf-c25fe13d09bf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-21972", "type": "exploited", "source": "https://t.me/true_secator/2135", "content": "\u200b\u200bVMware \u0432\u043e \u0432\u0442\u043e\u0440\u043d\u0438\u043a \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043b\u0430 \u043d\u043e\u0432\u044b\u0439 \u0431\u044e\u043b\u043b\u0435\u0442\u0435\u043d\u044c, \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0436\u0434\u0430\u044e\u0449\u0438\u0439 \u043e 19 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044f\u0445 \u0432 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430\u0445 vCenter Server \u0438 Cloud Foundation, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043c\u043e\u0436\u0435\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0434\u043b\u044f \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u044f \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044f \u043d\u0430\u0434 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u043e\u0439.\n \n\u041d\u0430\u0438\u0431\u043e\u043b\u0435\u0435 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0439 \u0438\u0437 \u043d\u0438\u0445 \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u043e\u0448\u0438\u0431\u043a\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u043e\u0439 \u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0438 \u0444\u0430\u0439\u043b\u043e\u0432 \u0432 \u0441\u043b\u0443\u0436\u0431\u0435 \u0430\u043d\u0430\u043b\u0438\u0442\u0438\u043a\u0438 (CVE-2021-22005), \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0432\u043b\u0438\u044f\u0435\u0442 \u043d\u0430 \u0440\u0430\u0437\u0432\u0435\u0440\u0442\u044b\u0432\u0430\u043d\u0438\u0435 vCenter Server 6.7 \u0438 7.0 \u0441 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u044f\u043c\u0438 \u043f\u043e \u0443\u043c\u043e\u043b\u0447\u0430\u043d\u0438\u044e. \u0417\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u0441 \u0441\u0435\u0442\u0435\u0432\u044b\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u043e\u043c \u043a \u043f\u043e\u0440\u0442\u0443 443 \u043d\u0430 vCenter Server \u043c\u043e\u0436\u0435\u0442 \u0435\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0434\u043b\u044f \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u0434\u0430, \u0437\u0430\u0433\u0440\u0443\u0437\u0438\u0432 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u044b\u0439 \u0444\u0430\u0439\u043b. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u043e\u0436\u0435\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u043b\u044e\u0431\u043e\u0439 \u043d\u0435\u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c, \u043a\u0442\u043e \u0438\u043c\u0435\u0435\u0442 \u0434\u043e\u0441\u0442\u0443\u043f \u043a vCenter Server \u0447\u0435\u0440\u0435\u0437 \u0418\u043d\u0442\u0435\u0440\u043d\u0435\u0442 \u0432 \u0445\u043e\u0434\u0435 \u0430\u0442\u0430\u043a\u0438 \u043d\u0438\u0437\u043a\u043e\u0439 \u0441\u043b\u043e\u0436\u043d\u043e\u0441\u0442\u0438.\n \n\u041d\u0435\u0441\u043c\u043e\u0442\u0440\u044f \u043d\u0430 \u0442\u043e, \u0447\u0442\u043e \u043a\u043e\u0434 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430 \u0435\u0449\u0435 \u043d\u0435 \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u043e\u0431\u0449\u0435\u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u043c, Bad Packets \u0443\u0436\u0435 \u0437\u0430\u0444\u0438\u043a\u0441\u0438\u0440\u043e\u0432\u0430\u043b\u0438 \u0441\u043a\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u043d\u0430 \u043d\u0430\u043b\u0438\u0447\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 \u0432\u0441\u0435\u0433\u043e \u0447\u0435\u0440\u0435\u0437 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u0447\u0430\u0441\u043e\u0432 \u043f\u043e\u0441\u043b\u0435 \u0442\u043e\u0433\u043e, \u043a\u0430\u043a VMware \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f. \u041f\u0440\u0438 \u0441\u043a\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f \u0441\u0432\u0435\u0434\u0435\u043d\u0438\u044f \u043e\u0431 \u043e\u0431\u0445\u043e\u0434\u043d\u043e\u043c \u043f\u0443\u0442\u0438, \u043f\u0440\u0435\u0434\u043e\u0441\u0442\u0430\u0432\u043b\u0435\u043d\u043d\u044b\u0435 VMware \u0434\u043b\u044f \u043a\u043b\u0438\u0435\u043d\u0442\u043e\u0432, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043d\u0435 \u0441\u043c\u043e\u0433\u043b\u0438 \u043e\u043f\u0435\u0440\u0430\u0442\u0438\u0432\u043d\u043e \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u044c \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f.\n \n\u0412\u043f\u0440\u043e\u0447\u0435\u043c, \u044d\u0442\u043e \u0434\u0430\u043b\u0435\u043a\u043e \u043d\u0435 \u043f\u0435\u0440\u0432\u044b\u0439 \u0441\u043b\u0443\u0447\u0430\u0439, \u043a\u043e\u0433\u0434\u0430 \u0445\u0430\u043a\u0435\u0440\u044b \u0441\u043a\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043b\u0438 \u0438 \u0430\u0442\u0430\u043a\u043e\u0432\u0430\u043b\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0435 \u0441\u0435\u0440\u0432\u0435\u0440\u044b VMware vCenter. \u041d\u0430\u043f\u0440\u0438\u043c\u0435\u0440, \u0432 \u0444\u0435\u0432\u0440\u0430\u043b\u0435 \u043e\u043d\u0438 \u043f\u0440\u043e\u0432\u0435\u043b\u0438 \u043c\u0430\u0441\u0441\u043e\u0432\u043e\u0435 \u0441\u043a\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u043d\u0435\u043f\u0440\u043e\u043f\u0430\u0442\u0447\u0435\u043d\u043d\u044b\u0445 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432 vCenter \u043f\u043e\u0441\u043b\u0435 \u0442\u043e\u0433\u043e, \u043a\u0430\u043a \u0431\u044b\u043b \u0432\u044b\u043f\u0443\u0449\u0435\u043d PoC \u0434\u043b\u044f RCE (CVE-2021-21972), \u0430 \u0432 \u043d\u0430\u0447\u0430\u043b\u0435 \u0438\u044e\u043d\u044f - \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u0432, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043e\u0441\u0442\u0430\u0432\u0430\u043b\u0438\u0441\u044c \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u043c\u0438 \u0434\u043b\u044f CVE-2021-21985 \u043f\u043e\u0441\u043b\u0435 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438 \u043a\u043e\u0434\u0430 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430.\n \n\u0421\u0442\u0430\u0442\u0438\u0441\u0442\u0438\u043a\u0430 Shodan \u0443\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u0442 \u043d\u0430 \u0441\u0435\u0439\u0447\u0430\u0441 \u0442\u044b\u0441\u044f\u0447\u0438 \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0445 \u0434\u043b\u044f \u043d\u043e\u0432\u043e\u0439 \u0431\u0430\u0433\u0438 \u0438 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u0445 \u0432 \u0441\u0435\u0442\u0438 \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u0432 vCenter. VMware \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0434\u0438\u043b\u0438 \u0441\u0432\u043e\u0438\u0445 \u043a\u043b\u0438\u0435\u043d\u0442\u043e\u0432 \u043e \u043f\u043e\u043f\u044b\u0442\u043a\u0430\u0445 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438, \u043e\u0441\u043e\u0431\u043e \u043f\u043e\u0434\u0447\u0435\u0440\u043a\u043d\u0443\u0432 \u0432\u0430\u0436\u043d\u043e\u0441\u0442\u044c \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u0432 \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0445 \u0434\u043b\u044f CVE-2021-22005 \u043a\u0430\u043a \u043c\u043e\u0436\u043d\u043e \u0441\u043a\u043e\u0440\u0435\u0435.\n \n\u0418 \u0442\u0443\u0442 \u043c\u044b \u043d\u0435 \u043c\u043e\u0436\u0435\u043c \u043d\u0435 \u0441\u043e\u0433\u043b\u0430\u0441\u0438\u0442\u044c\u0441\u044f.", "creation_timestamp": "2021-09-23T13:31:21.000000Z"}, {"uuid": "48875520-9ad5-4c8f-88da-a4df25ef085f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-21972", "type": "published-proof-of-concept", "source": "https://t.me/cyber0iq/18", "content": "Latest Vulnerabilities and Exploits\n\nCVE-2021-3449 OpenSSL denial-of-service exploit\nhttps://github.com/terorie/cve-2021-3449\n\nProxyToken\nhttps://github.com/bhdresh/CVE-2021-33766-ProxyToken\n\nCVES Xstream-1.4.17\nhttps://github.com/zwjjustdoit/Xstream-1.4.17\n\nCVE-2021-36934/HiveNightmare/SeriousSAM\nhttps://github.com/cube0x0/CVE-2021-36934\n\nHow to exploit a vulnerable windows driver Exploit for AsrDrv104 sys\nhttps://github.com/stong/CVE-2020-15368\n\nCVE-2021-32537: an out-of-bounds memory access that leads to pool corruption in the Windows kernel\nhttps://github.com/0vercl0k/CVE-2021-32537\n\nCVE-2021-28476 a guest-to-host \"Hyper-V Remote Code Execution Vulnerability\" in vmswitch sys\nhttps://github.com/0vercl0k/CVE-2021-28476\n\nCVE-2021-40444 - Fully Weaponized Microsoft Office Word RCE Exploit\nhttps://github.com/klezVirus/CVE-2021-40444\n\nExploit Accsess network clients by sending packets in wirless TP-LINK and preparing for a mitm attack\nhttps://github.com/lhashashinl/CVE-2021-37152\n\nProof on Concept Exploit for CVE-2021-38647 (OMIGOD)\nhttps://github.com/horizon3ai/CVE-2021-38647\n\nProof of Concept Exploit for vCenter CVE-2021-21972\nhttps://github.com/horizon3ai/CVE-2021-21972\n\nProof-of-Concept (PoC) script to exploit Pulse Secure CVE-2021-22893\nhttps://github.com/ZephrFish/CVE-2021-22893\n\nCVE-2021-33766 (ProxyToken)\nhttps://github.com/demossl/CVE-2021-33766-ProxyToken\n\nCVE-2021-2456\nhttps://github.com/peterjson31337/CVE-2021-2456\n\nCVE-2021-38647 POC for RCE\nhttps://github.com/midoxnet/CVE-2021-38647\n\nCVE-2021-26084 (PoC) | Confluence Server Webwork OGNL injection\nhttps://github.com/alt3kx/CVE-2021-26084_PoC\nhttps://github.com/r0ckysec/CVE-2021-26084_Confluence\nhttps://github.com/march0s1as/CVE-2021-26084\n\n\nCVE-2021-21551 Dell Driver EoP\nhttps://github.com/ihack4falafel/Dell-Driver-EoP-CVE-2021-21551\n\nA basic PoC leak for CVE-2021-28663 (Internal of the Android kernel backdoor vulnerability)\nhttps://github.com/lntrx/CVE-2021-28663\n\nCVE-2021-40353 openSIS 8.0 SQL Injection\nhttps://github.com/5qu1n7/CVE-2021-40353\n\nCVE-2021-28476 Ubuntu 20.04\nhttps://github.com/sh4m2hwz/CVE-2021-28476-tools-env\n\nmy exp for chrome V8 CVE-2021-30551\nhttps://github.com/xmzyshypnc/CVE-2021-30551\n\nPOC of CVE-2021-2394\nhttps://github.com/lz2y/CVE-2021-2394\n\nWordPress Backup Guard Authenticated Remote Code Execution Exploit\nhttps://github.com/0dayNinja/CVE-2021-24155.rb\n\nExploit code for CVE-2021-33909,Just a dump of removed\nhttps://github.com/bbinfosec43/CVE-2021-33909", "creation_timestamp": "2021-09-25T02:14:31.000000Z"}, {"uuid": "1e9b3449-b28d-4d99-a1c9-3e5253d1edeb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-21972", "type": "published-proof-of-concept", "source": "https://t.me/reconshell/525", "content": "Unauthorized RCE in VMware vCenter\n\n#RCE #VMware #SSRF #vulnerabilities #vulnerability\n#CVE-2021-21972 #CVE-2021-21973 #CodeExecution\n\nhttps://reconshell.com/unauthorized-rce-in-vmware-vcenter/", "creation_timestamp": "2021-03-07T12:37:27.000000Z"}, {"uuid": "2b1eb70e-3ba1-4593-b087-142259264d0c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-21972", "type": "published-proof-of-concept", "source": "https://t.me/reconshell/496", "content": "CVE-2021-21972 vCenter RCE vulnerability analysis\n\n#RCE #vulnerability #CVE-2021-21972 #vCenterRCE #0day #InfoSec\n\nhttps://reconshell.com/cve-2021-21972-vcenter-rce-vulnerability-analysis/", "creation_timestamp": "2021-02-27T06:05:42.000000Z"}, {"uuid": "bc484250-1518-45e4-ade0-5564fc92916e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-21972", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/2807", "content": "#Analytics\n10 most exploited vulnerabilities of the week (feb 22-28)\nCVE-2021-3156 - Heap-Based Buffer Overflow in Sudo\nhttps://t.me/cybersecuritytechnologies/2577\nCVE-2021-21972 - VMware vCenter RCE\nhttps://swarm.ptsecurity.com/unauth-rce-vmware/#more-2477\nhttps://github.com/QmF0c3UK/CVE-2021-21972-vCenter-6.5-7.0-RCE-POC\nhttps://github.com/NS-Sp4ce/CVE-2021-21972\nhttps://github.com/yaunsky/CVE-2021-21972\nCVE-2021-1782 - iOS\\iPadOS 14.3 kernel LPE\nhttps://t.me/cybersecuritytechnologies/2694\nCVE-2021-3177 - Python3 Buffer Overflow\nhttps://t.me/cybersecuritytechnologies/2740\nCVE-2021-21973 - VMware vCenter SSRF\nhttps://mobile.twitter.com/osama_hroot/status/1365586206982082560/photo/1\nCVE-2017-0005 - Windows GDI EoP\nhttps://t.me/cybersecuritytechnologies/443\nCVE-2021-24093 - Win Graph. Component RCE\nhttps://t.me/cybersecuritytechnologies/2806\nCVE-2021-25281/25282 - SaltStack Exploit\nhttps://github.com/Immersive-Labs-Sec/CVE-2021-25281\nCVE-2018-19518 - PHP IMAP Vuln.\nhttps://t.me/cybersecuritytechnologies/1649", "creation_timestamp": "2021-03-01T11:00:27.000000Z"}, {"uuid": "669e2a6c-9113-4bf2-b7a0-ca0c9c9fb2b3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-21972", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/4835", "content": "#exploit\n#WLAN_Security\n1. CVE-2021-21972:\nPoC Exploit for vCenter\nhttps://github.com/NS-Sp4ce/CVE-2021-21972\nhttps://github.com/horizon3ai/CVE-2021-21972\n\n2. Exploits the Wii U's bluetooth stack to gain IOSU kernel access via bluetooth\nhttps://github.com/GaryOderNichts/bluubomb", "creation_timestamp": "2024-10-04T14:40:15.000000Z"}, {"uuid": "cfdc87ce-f56e-4a2d-8d2c-8bb13ddec9ac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-21972", "type": "seen", "source": "https://t.me/true_secator/1751", "content": "VMware \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0438 \u0430\u043f\u0434\u0435\u0439\u0442, \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u044f\u044e\u0449\u0438\u0439 \u043d\u043e\u0432\u0443\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2021-21985, \u043a\u043e\u0442\u043e\u0440\u043e\u0439 \u043f\u043e\u0434\u0432\u0435\u0440\u0436\u0435\u043d vCenter \u0432\u0435\u0440\u0441\u0438\u0439 6.5, 6.7 \u0438 7.0. \n\n\u041e\u0448\u0438\u0431\u043a\u0430 \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0439 (9.8 \u0438\u0437 10 \u043f\u043e CVSS) \u0438 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u043e\u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0438\u0442\u044c \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0435 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u043a\u043e\u0434\u0430 (RCE) \u0431\u0435\u0437 \u043f\u0440\u043e\u0445\u043e\u0436\u0434\u0435\u043d\u0438\u044f \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438. \u0414\u043b\u044f \u044d\u0442\u043e\u0433\u043e \u0445\u0430\u043a\u0435\u0440\u0443 \u043d\u0443\u0436\u043d\u043e \u043b\u0438\u0448\u044c \u0438\u043c\u0435\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a 443 \u043f\u043e\u0440\u0442\u0443. \u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043d\u0430\u0445\u043e\u0434\u0438\u0442\u0441\u044f \u0432 \u043c\u043e\u0434\u0443\u043b\u0435 vSAN Health Check, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043f\u043e \u0443\u043c\u043e\u043b\u0447\u0430\u043d\u0438\u044e \u0432\u043a\u043b\u044e\u0447\u0435\u043d \u0432\u043e \u0432\u0441\u0435\u0445 \u0440\u0430\u0437\u0432\u0435\u0440\u043d\u0443\u0442\u044b\u0445 vCenter.\n\nCVE-2021-21985 \u0431\u044b\u043b\u0430 \u043d\u0430\u0439\u0434\u0435\u043d\u0430 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c\u0438 \u0438\u0437 \u043a\u0438\u0442\u0430\u0439\u0441\u043a\u043e\u0439 Qihoo 360, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0432 \u0444\u0435\u0432\u0440\u0430\u043b\u0435 \u043f\u043e\u0434\u0433\u0430\u0434\u0438\u043b\u0438 VMware, \u0440\u0435\u0437\u043a\u043e \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u0432 PoC \u0434\u043b\u044f \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0439 CVE-2021-21972 \u0432 \u0442\u043e\u043c \u0436\u0435 \u0441\u0430\u043c\u043e\u043c vCenter.\n\n\u0412 \u0434\u043e\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u043a \u0443\u043a\u0430\u0437\u0430\u043d\u043d\u043e\u0439 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u0434\u044b\u0440\u043a\u0435 \u0441\u0432\u0435\u0436\u0438\u0439 \u043f\u0430\u0442\u0447 \u0437\u0430\u043a\u0440\u044b\u0432\u0430\u0435\u0442 \u0442\u0430\u043a\u0436\u0435 CVE-2021-21986 \u0441 \u043a\u0440\u0438\u0442\u0438\u0447\u043d\u043e\u0441\u0442\u044c\u044e 6,5, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043c\u0435\u0445\u0430\u043d\u0438\u0437\u043c\u043e\u043c \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0432 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u0438\u0445 \u043c\u043e\u0434\u0443\u043b\u044f\u0445 vCenter. \u041d\u043e \u044d\u0442\u043e, \u043d\u0430 \u0441\u0430\u043c\u043e\u043c \u0434\u0435\u043b\u0435, \u043d\u0435 \u0442\u0430\u043a \u0432\u0430\u0436\u043d\u043e. \u041f\u043e\u0441\u043a\u043e\u043b\u044c\u043a\u0443 \u0437\u0430\u043a\u0440\u044b\u0432 \u0431\u043e\u043b\u0435\u0435 \u043a\u0440\u0438\u0442\u0438\u0447\u043d\u0443\u044e \u043e\u0448\u0438\u0431\u043a\u0443 \u0432\u044b \u0437\u0430\u043a\u0440\u043e\u0435\u0442\u0435 \u0438 \u044d\u0442\u0443.\n\n\u041d\u0443 \u0430 \u043a\u0442\u043e \u043f\u0440\u0438 \u0442\u0430\u043a\u0438\u0445 \u0432\u0432\u043e\u0434\u043d\u044b\u0445 \u043d\u0435 \u0431\u0443\u0434\u0435\u0442 \u0430\u043f\u0434\u0435\u0439\u0442\u0438\u0442\u044c \u0441\u0432\u043e\u0438 vCenter - \u0442\u043e\u0442 \u0441\u0430\u043c \u0441\u0435\u0431\u0435 \u0414\u0436\u0435\u043d\u043d\u0438\u0444\u0435\u0440 \u041f\u0441\u0430\u043a\u0438.", "creation_timestamp": "2021-05-26T11:23:27.000000Z"}, {"uuid": "2b817a34-e32d-442a-869e-bb6069838153", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-21972", "type": "published-proof-of-concept", "source": "https://t.me/crackcodes/4237", "content": "\ud83e\ude85ReadyAPI v3.47.0 Crack : Download\n\n\ud83d\udccdCVE-2021-21972 Vcenter Exploitation Toolkit : Download\n\n\ud83e\uddeeLanSweeper Licensed : Download\n\n\ud83d\udda8Postel \u2013 S.P.A Data Leak : Download\n\n\ud83e\udeacEternalHush Advance C2 Framework : Download\n\n\ud83d\udcefTomsk State University\u2019s Main System Source Code : Download\n\n\ud83d\udc7eCapital Television Belarus Data Leak : Download\n\n\ud83d\udd78CVE-2023-27163-InternalProber : Download", "creation_timestamp": "2023-09-01T04:39:19.000000Z"}, {"uuid": "b8c5dcfd-01b6-4bdb-bdb3-dd432f2294ae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-21972", "type": "seen", "source": "https://t.me/cibsecurity/24088", "content": "\u203c CVE-2021-21972 \u203c\n\nThe vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. This affects VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-02-24T20:36:58.000000Z"}, {"uuid": "5679e492-dd4f-4f4a-9fd8-af029891e027", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-21972", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/2815", "content": "#Analytics\nTop 10 Most Used Vulnerabilities of the Month (feb 1-28)\nCVE-2021-3156 - Heap-Based Buffer Overflow in Sudo\nhttps://t.me/cybersecuritytechnologies/2577\nCVE-2021-21972 - VMware vCenter RCE\nhttps://swarm.ptsecurity.com/unauth-rce-vmware/#more-2477\nhttps://github.com/QmF0c3UK/CVE-2021-21972-vCenter-6.5-7.0-RCE-POC\nhttps://github.com/NS-Sp4ce/CVE-2021-21972\nhttps://github.com/yaunsky/CVE-2021-21972\nCVE-2021-1732 - Windows kernel 0-day exploit is used by BITTER APT\nhttps://t.me/cybersecuritytechnologies/2679\nCVE-2021-1782 - iOS\\iPadOS 14.3 kernel LPE\nhttps://t.me/cybersecuritytechnologies/2694\nCVE-2021-25646 - Apache Druid <=0.20.1 RCE\nhttps://t.me/cybersecuritytechnologies/2639\nCVE-2020-27932 - A type confusion in MacOS 10.15.7\nhttps://t.me/cybersecuritytechnologies/2383\nCVE-2021-24074, CVE-2021-24094, CVE-2021-24086 - Windows IPv4/IPv6 Stack RCE/DoS Vulnerabilities\nhttps://unit42.paloaltonetworks.com/cve-2021-24074-patch-tuesday", "creation_timestamp": "2021-03-03T05:37:03.000000Z"}, {"uuid": "a6974b75-ab6d-46df-b590-39f16260982c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-21972", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/2865", "content": "#Analytics\n10 most exploited vulnerabilities of the week (march 2-8)\n\nCVE-2020-1350 - Exploit SIGRed/Windows DNS Server RCE\nCVE-2021-21972 - VMware vCenter RCE (PoC1, PoC2, PoC3)\nCVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065 - ProxyLogon MS Exchange Server RCE\nCVE-2021-21166 - Chrome Audio RCE\nCVE-2021-21978 - VMware View Planner\u00a0RCE\nCVE-2021-21315 - Node.JS OS sanitize service Parameters Command Injection\nCVE-2021-23132 - RCE in Joomla core <=3.9.24", "creation_timestamp": "2024-10-14T07:14:24.000000Z"}, {"uuid": "ae92e083-1f7b-47fa-9327-fbf743139f81", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-21972", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/2782", "content": "#Red_Team_Tactics\n1. Rootkit Arsenal Guacamole\n// An attempt to restore and adapt to modern Win10 version the Rootkit Arsenal original code sampls. All projects have been ported to x64 and tested on latest Win10 (2004-19041.746)\nhttps://github.com/uf0o/rootkit-arsenal-guacamole\n\n2. CVE-2021-21972 (1-day):\nThe vSphere Client (HTML5) contains a RCE vulnerability in a vCenter Server plugin (PoCs)\nhttps://swarm.ptsecurity.com/unauth-rce-vmware/#more-2477\n]-> https://github.com/QmF0c3UK/CVE-2021-21972-vCenter-6.5-7.0-RCE-POC\n]-> https://github.com/NS-Sp4ce/CVE-2021-21972\n]-> https://github.com/yaunsky/CVE-2021-21972\n]-> PoC for Unix VCSA:\nhttps://github.com/yaunsky/CVE-2021-21972\n\n3. A solid XSS payload that bypasses Imperva WAF\nclick", "creation_timestamp": "2023-02-21T10:55:48.000000Z"}, {"uuid": "b719959b-c29d-44a6-8049-c2cc887ca409", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-21972", "type": "published-proof-of-concept", "source": "https://t.me/cyber0iq/19", "content": "Latest Vulnerabilities and Exploits\n\nCVE-2021-3449 OpenSSL denial-of-service exploit\nhttps://github.com/terorie/cve-2021-3449\n\nProxyToken\nhttps://github.com/bhdresh/CVE-2021-33766-ProxyToken\n\nCVES Xstream-1.4.17\nhttps://github.com/zwjjustdoit/Xstream-1.4.17\n\nCVE-2021-36934/HiveNightmare/SeriousSAM\nhttps://github.com/cube0x0/CVE-2021-36934\n\nHow to exploit a vulnerable windows driver Exploit for AsrDrv104 sys\nhttps://github.com/stong/CVE-2020-15368\n\nCVE-2021-32537: an out-of-bounds memory access that leads to pool corruption in the Windows kernel\nhttps://github.com/0vercl0k/CVE-2021-32537\n\nCVE-2021-28476 a guest-to-host \"Hyper-V Remote Code Execution Vulnerability\" in vmswitch sys\nhttps://github.com/0vercl0k/CVE-2021-28476\n\nCVE-2021-40444 - Fully Weaponized Microsoft Office Word RCE Exploit\nhttps://github.com/klezVirus/CVE-2021-40444\n\nExploit Accsess network clients by sending packets in wirless TP-LINK and preparing for a mitm attack\nhttps://github.com/lhashashinl/CVE-2021-37152\n\nProof on Concept Exploit for CVE-2021-38647 (OMIGOD)\nhttps://github.com/horizon3ai/CVE-2021-38647\n\nProof of Concept Exploit for vCenter CVE-2021-21972\nhttps://github.com/horizon3ai/CVE-2021-21972\n\nProof-of-Concept (PoC) script to exploit Pulse Secure CVE-2021-22893\nhttps://github.com/ZephrFish/CVE-2021-22893\n\nCVE-2021-33766 (ProxyToken)\nhttps://github.com/demossl/CVE-2021-33766-ProxyToken\n\nCVE-2021-2456\nhttps://github.com/peterjson31337/CVE-2021-2456\n\nCVE-2021-38647 POC for RCE\nhttps://github.com/midoxnet/CVE-2021-38647\n\nCVE-2021-26084 (PoC) | Confluence Server Webwork OGNL injection\nhttps://github.com/alt3kx/CVE-2021-26084_PoC\nhttps://github.com/r0ckysec/CVE-2021-26084_Confluence\nhttps://github.com/march0s1as/CVE-2021-26084\n\n\nCVE-2021-21551 Dell Driver EoP\nhttps://github.com/ihack4falafel/Dell-Driver-EoP-CVE-2021-21551\n\nA basic PoC leak for CVE-2021-28663 (Internal of the Android kernel backdoor vulnerability)\nhttps://github.com/lntrx/CVE-2021-28663\n\nCVE-2021-40353 openSIS 8.0 SQL Injection\nhttps://github.com/5qu1n7/CVE-2021-40353\n\nCVE-2021-28476 Ubuntu 20.04\nhttps://github.com/sh4m2hwz/CVE-2021-28476-tools-env\n\nmy exp for chrome V8 CVE-2021-30551\nhttps://github.com/xmzyshypnc/CVE-2021-30551\n\nPOC of CVE-2021-2394\nhttps://github.com/lz2y/CVE-2021-2394\n\nWordPress Backup Guard Authenticated Remote Code Execution Exploit\nhttps://github.com/0dayNinja/CVE-2021-24155.rb\n\nExploit code for CVE-2021-33909,Just a dump of removed\nhttps://github.com/bbinfosec43/CVE-2021-33909", "creation_timestamp": "2021-09-25T02:15:23.000000Z"}, {"uuid": "531b1458-1cc1-40cb-898d-faf83ae0ba48", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-21972", "type": "seen", "source": "Telegram/AXqxRopEcOt0emfYawXZpVytwVQTScN-ANzCq_HlfmybLg", "content": "", "creation_timestamp": "2021-02-25T22:24:27.000000Z"}, {"uuid": "e0c00998-f170-4473-a9b4-c56ff4c6127f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-21972", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-05-04)", "content": "", "creation_timestamp": "2026-05-04T00:00:00.000000Z"}]}