{"vulnerability": "CVE-2021-3679", "sightings": [{"uuid": "d3528f7b-7e57-4918-b43d-885b269cb303", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36798", "type": "seen", "source": "MISP/dac4a394-901f-4da9-803d-152022783e17", "content": "", "creation_timestamp": "2024-11-14T06:09:33.000000Z"}, {"uuid": "6d58ea00-9974-4c76-bbb8-a5bfdcb1da2c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36798", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/341", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCobalt Strike\n\u63cf\u8ff0\uff1aCobalt Strike < 4.4 dos CVE-2021-36798 \nURL\uff1ahttps://github.com/M-Kings/CVE-2021-36798", "creation_timestamp": "2021-08-19T11:33:03.000000Z"}, {"uuid": "5dae387c-581d-4d83-bf49-c113d07b5237", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36798", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/340", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aCobalt Strike < 4.4 dos CVE-2021-36798 \nURL\uff1ahttps://github.com/M-Kings/CVE-2021-36798-", "creation_timestamp": "2021-08-19T11:28:33.000000Z"}, {"uuid": "31fb9e9d-62ef-4e53-89af-66e9408c02f2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36799", "type": "seen", "source": "https://t.me/cibsecurity/32128", "content": "\u203c CVE-2021-43575 \u203c\n\n** DISPUTED ** KNX ETS6 through 6.0.0 uses the hard-coded password ETS5Password, with a salt value of Ivan Medvedev, allowing local users to read project information, a similar issue to CVE-2021-36799. NOTE: The vendor disputes this because it is not the responsibility of the ETS to securely store cryptographic key material when it is not being exported.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-10T02:35:27.000000Z"}, {"uuid": "03417a6b-f2b9-4088-8d0e-88ce51d5b32a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36799", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/830", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aETS5 Password Recovery Tool is a PoC for CVE-2021-36799\nURL\uff1ahttps://github.com/robertguetzkow/ets5-password-recovery", "creation_timestamp": "2021-11-08T21:56:03.000000Z"}, {"uuid": "318a88f2-e1bd-4524-9b0f-15a9c35d9c35", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36798", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/602", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCobalt Strike\n\u63cf\u8ff0\uff1aCVE-2021-36798 Exp: Cobalt Strike < 4.4 Dos\nURL\uff1ahttps://github.com/JamVayne/CobaltStrikeDos", "creation_timestamp": "2021-09-27T05:05:54.000000Z"}, {"uuid": "04873b0e-fe6f-41ef-95f5-f5a2058e63af", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36799", "type": "published-proof-of-concept", "source": "https://t.me/hacker_trick/407", "content": "#Exploit for #CVE-2021-40449\nWin32k Elevation\nhttps://github.com/Kristal-g/CVE-2021-40449_poc\n\n#poc for #CVE-2021-36799\nETS5 Password Recovery\nhttps://github.com/robertguetzkow/ets5-password-recovery\n\nA sample #poc for #CVE-2021-30657\naffecting MacOS\nhttps://github.com/shubham0d/CVE-2021-30657\n\n#Exploitation code for #CVE-2021-40539\nZoho ManageEngine ADSelfService Plus\nhttps://github.com/synacktiv/CVE-2021-40539\n\nVMWARE VCENTER SERVER VIRTUAL SAN HEALTH CHECK PLUG-IN RCE #CVE-2021-21985\nhttps://github.com/sknux/CVE-2021-21985_PoC", "creation_timestamp": "2021-11-10T09:32:12.000000Z"}, {"uuid": "67f6f650-73ec-43c3-829c-ae3314ce6e9f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36794", "type": "seen", "source": "https://t.me/cibsecurity/31605", "content": "\u203c CVE-2021-36794 \u203c\n\nIn Siren Investigate before 11.1.4, when enabling the cluster feature of the Siren Alert application, TLS verifications are disabled globally in the Siren Investigate main process.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-02T17:22:43.000000Z"}, {"uuid": "4b9d2bcc-7f79-4966-b4a2-93c8137493ad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3679", "type": "seen", "source": "https://t.me/cibsecurity/26902", "content": "\u203c CVE-2021-3679 \u203c\n\nA lack of CPU resource in the Linux kernel tracing module functionality in versions prior to 5.14-rc3 was found in the way user uses trace ring buffer in a specific way. Only privileged local users (with CAP_SYS_ADMIN capability) could use this flaw to starve the resources causing denial of service.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-06T00:31:45.000000Z"}, {"uuid": "9d37ef00-26cd-4ca3-ae59-263e58e62003", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36798", "type": "seen", "source": "https://t.me/cibsecurity/27012", "content": "\u203c CVE-2021-36798 \u203c\n\nA Denial-of-Service (DoS) vulnerability was discovered in Team Server in HelpSystems Cobalt Strike 4.2 and 4.3. It allows remote attackers to crash the C2 server thread and block beacons' communication with it.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-09T16:36:57.000000Z"}, {"uuid": "6cfca4c1-8927-49fe-be11-4754ea4dda0c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36790", "type": "seen", "source": "https://t.me/cibsecurity/27330", "content": "\u203c CVE-2021-36790 \u203c\n\nThe dated_news (aka Dated News) extension through 5.1.1 for TYPO3 allows XSS.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-13T20:41:31.000000Z"}, {"uuid": "4c002b2e-601b-4d26-858c-175cc79d2179", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36792", "type": "seen", "source": "https://t.me/cibsecurity/27324", "content": "\u203c CVE-2021-36792 \u203c\n\nThe dated_news (aka Dated News) extension through 5.1.1 for TYPO3 has incorrect Access Control for confirming various applications.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-13T20:41:21.000000Z"}, {"uuid": "9be26b8a-ce8b-493a-ad64-dbb1306468d9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36793", "type": "seen", "source": "https://t.me/cibsecurity/27320", "content": "\u203c CVE-2021-36793 \u203c\n\nThe routes (aka Extbase Yaml Routes) extension before 2.1.1 for TYPO3, when CsrfTokenViewHelper is used, allows Sensitive Information Disclosure because a session identifier is unsafely present in HTML output.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-13T20:41:14.000000Z"}, {"uuid": "66f7ae43-55bc-4c5a-91c9-7dd4a43dbd92", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-36798", "type": "seen", "source": "https://t.me/pwnwiki_zhchannel/830", "content": "CVE-2021-36798 CobaltStrike\u62d2\u7d55\u670d\u52d9\u6f0f\u6d1e\nhttps://www.pwnwiki.org/index.php?title=CVE-2021-36798_CobaltStrike%E6%8B%92%E7%B5%95%E6%9C%8D%E5%8B%99%E6%BC%8F%E6%B4%9E", "creation_timestamp": "2021-09-21T04:41:59.000000Z"}]}