{"vulnerability": "CVE-2021-3923", "sightings": [{"uuid": "1d84bb89-eb42-49d5-8a05-c18af8268152", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39238", "type": "seen", "source": "MISP/38da0888-10db-4783-a3d8-f14b77b0f3dd", "content": "", "creation_timestamp": "2021-12-09T14:11:31.000000Z"}, {"uuid": "89d13814-282d-4ef2-9fc9-d378b82c66b0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3923", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/5224", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2021-3923\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A flaw was found in the Linux kernel's implementation of RDMA over infiniband. An attacker with a privileged local account can leak kernel stack information when issuing commands to the /dev/infiniband/rdma_cm device node. While this access is unlikely to leak sensitive user information, it can be further used to defeat existing kernel protection mechanisms.\n\ud83d\udccf Published: 2023-03-27T00:00:00.000Z\n\ud83d\udccf Modified: 2025-02-24T19:19:01.209Z\n\ud83d\udd17 References:\n1. https://bugzilla.redhat.com/show_bug.cgi?id=2019643\n2. 
https://lore.kernel.org/all/20220204100036.GA12348%40kili/", "creation_timestamp": "2025-02-24T20:22:30.000000Z"}, {"uuid": "08de76fb-cfb1-4078-92f2-96bf2dd0b53e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39238", "type": "published-proof-of-concept", "source": "https://t.me/true_secator/2393", "content": "\u200b\u200bAlexander Bolshev and Timo Hirvonen, specialists at F-Secure, have dug up some truly annoying 8-year-old bugs.\n \nThe vulnerabilities in question affect Hewlett Packard printers, date back to 2013 and impact 150 models of multifunction devices: CVE-2021-39237 and CVE-2021-39238.\n \nThe first vulnerability concerns two exposed physical ports that provide full access to the device; exploiting it requires physical access and can lead to information disclosure.\n \nThe second is a buffer overflow in the font parser, which is far more serious and has a CVSS score of 9.3. 
Exploiting it gives attackers remote code execution and also lets an attacker spread quickly from a single printer to the entire network.\n \nUsing the HP M725z MFP as an example, F-Secure worked through all the possible attack vectors using the discovered vulnerabilities (a direct attack via exposed UART ports, sending an exploit to the printer straight from a browser using an HTTP POST to JetDirect port 9100/TCP, printing a malicious document, and others) and found that a hacker needs a few seconds to exploit CVE-2021-39238, while an experienced attacker can carry out a compromise based on CVE-2021-39237 in under 5 minutes.\n \nThey shared their findings with HP back on 29 April 2021, having also found a significant number of other vulnerable models. 
By 1 November 2021, HP had released firmware updates to fix these bugs.\n \nAs a result, for several years HP users remained open to various kinds of attacks. The good news is that F-Secure has not observed the vulnerabilities being exploited in the wild. 
Nevertheless, MFP owners are strongly urged to update their devices' firmware as soon as possible.\n \nIt also helps to disable printing from USB, place the printer in a separate VLAN behind a firewall, restrict outbound connections from the printer to a list of designated addresses, and set up a dedicated print server for communication between workstations and printers.\n\nAs we once joked, keep your printer on a short leash.", "creation_timestamp": "2021-12-01T13:11:02.000000Z"}, {"uuid": "715f0eda-8b13-4b40-9368-1fd355868381", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39237", "type": "published-proof-of-concept", "source": "https://t.me/true_secator/2393", "content": "\u200b\u200bAlexander Bolshev and Timo Hirvonen, specialists at F-Secure, have dug up some truly annoying 8-year-old bugs.\n \nThe vulnerabilities in question affect Hewlett Packard printers, date back to 2013 and impact 150 models of multifunction devices: CVE-2021-39237 and CVE-2021-39238.\n \nThe first vulnerability concerns two exposed physical ports that provide full access to the device; exploiting it requires physical access and can lead to information disclosure.\n \nThe second is a buffer overflow in the font parser, which is far more serious and has a CVSS score of 9.3. 
Exploiting it gives attackers remote code execution and also lets an attacker spread quickly from a single printer to the entire network.\n \nUsing the HP M725z MFP as an example, F-Secure worked through all the possible attack vectors using the discovered vulnerabilities (a direct attack via exposed UART ports, sending an exploit to the printer straight from a browser using an HTTP POST to JetDirect port 9100/TCP, printing a malicious document, and others) and found that a hacker needs a few seconds to exploit CVE-2021-39238, while an experienced attacker can carry out a compromise based on CVE-2021-39237 in under 5 minutes.\n \nThey shared their findings with HP back on 29 April 2021, having also found a significant number of other vulnerable models. 
By 1 November 2021, HP had released firmware updates to fix these bugs.\n \nAs a result, for several years HP users remained open to various kinds of attacks. The good news is that F-Secure has not observed the vulnerabilities being exploited in the wild. 
Nevertheless, MFP owners are strongly urged to update their devices' firmware as soon as possible.\n \nIt also helps to disable printing from USB, place the printer in a separate VLAN behind a firewall, restrict outbound connections from the printer to a list of designated addresses, and set up a dedicated print server for communication between workstations and printers.\n\nAs we once joked, keep your printer on a short leash.", "creation_timestamp": "2021-12-01T13:11:02.000000Z"}, {"uuid": "7ae8021d-d7b6-4d19-8e84-9a14cfbfae35", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39236", "type": "seen", "source": "https://t.me/ctinow/158650", "content": "https://ift.tt/SHqOje0\nCVE-2021-39236 Exploit", "creation_timestamp": "2023-12-22T23:16:56.000000Z"}, {"uuid": "016d6b16-ed92-4ad0-9509-f1ad9fee92a8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39234", "type": "seen", "source": "https://t.me/cibsecurity/32683", "content": "\u203c CVE-2021-39234 \u203c\n\nIn Apache Ozone versions prior to 1.2.0, Authenticated users knowing the ID of an existing block can craft specific request allowing access those blocks, bypassing other security checks like ACL.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-19T12:16:42.000000Z"}, {"uuid": "44900884-0529-42ce-b59c-e341f109b986", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39231", "type": "seen", "source": "https://t.me/cibsecurity/32681", "content": "\u203c CVE-2021-39231 \u203c\n\nIn Apache Ozone versions prior to 1.2.0, Various internal server-to-server RPC endpoints are available for connections, making it possible for an attacker to download raw data from Datanode and Ozone manager and modify Ratis replication configuration.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-19T12:16:40.000000Z"}, {"uuid": 
"b0f1ceb1-c99e-40b9-865e-801cc8626ac5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39235", "type": "seen", "source": "https://t.me/cibsecurity/32680", "content": "\u203c CVE-2021-39235 \u203c\n\nIn Apache Ozone before 1.2.0, Ozone Datanode doesn't check the access mode parameter of the block token. Authenticated users with valid READ block token can do any write operation on the same block.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-19T12:16:39.000000Z"}, {"uuid": "c64e159d-a56c-4ec7-8e4e-3531ae1105f4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39236", "type": "seen", "source": "https://t.me/cibsecurity/32677", "content": "\u203c CVE-2021-39236 \u203c\n\nIn Apache Ozone before 1.2.0, Authenticated users with valid Ozone S3 credentials can create specific OM requests, impersonating any other user.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-19T12:16:34.000000Z"}, {"uuid": "2bdf90f9-aace-466b-abf2-1c881fd2bab6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39232", "type": "seen", "source": "https://t.me/cibsecurity/32676", "content": "\u203c CVE-2021-39232 \u203c\n\nIn Apache Ozone versions prior to 1.2.0, certain admin related SCM commands can be executed by any authenticated users, not just by admins.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-19T12:16:33.000000Z"}, {"uuid": "23d47839-6d1a-418b-9991-2cdc0dd08d73", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39233", "type": "seen", "source": 
"https://t.me/cibsecurity/32675", "content": "\u203c CVE-2021-39233 \u203c\n\nIn Apache Ozone versions prior to 1.2.0, Container related Datanode requests of Ozone Datanode were not properly authorized and can be called by any client.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-19T12:16:32.000000Z"}, {"uuid": "1707f072-f193-4ee1-970e-300980e3314f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39239", "type": "seen", "source": "https://t.me/cibsecurity/28995", "content": "\u203c CVE-2021-39239 \u203c\n\nA vulnerability in XML processing in Apache Jena, in versions up to 4.1.0, may allow an attacker to execute XML External Entities (XXE), including exposing the contents of local files to a remote server.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-16T18:22:56.000000Z"}, {"uuid": "de7d2155-ea79-4e37-8a29-7616ffd609f2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39237", "type": "seen", "source": "https://t.me/cibsecurity/31690", "content": "\u203c CVE-2021-39237 \u203c\n\nCertain HP LaserJet, HP LaserJet Managed, HP PageWide, and HP PageWide Managed printers may be vulnerable to potential information disclosure.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-03T06:23:21.000000Z"}, {"uuid": "a38da112-b2c1-4468-9a58-bd5925af8415", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39230", "type": "seen", "source": "https://t.me/cibsecurity/29194", "content": "\u203c CVE-2021-39230 \u203c\n\nButter is a system usability utility. Due to a kernel error the JPNS kernel is being discontinued. 
Affected users are recommend to update to the Trinity kernel. There are no workarounds.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-21T20:28:03.000000Z"}, {"uuid": "34005f64-366c-4d81-b4ed-80735859d79e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39238", "type": "seen", "source": "https://t.me/thehackernews/1693", "content": "F-secure researchers discover a critical WORMABLE security vulnerability (CVE-2021-39238) in hundreds of different HP Printers.\n\n-\ud83d\udda8\ufe0f-\ud83d\udda8\ufe0f-\ud83d\udda8\ufe0f-\ud83d\udda8\ufe0f-\ud83d\udda8\ufe0f-\ud83d\udda8\ufe0f-\ud83d\udda8\ufe0f-\n\nRead details: https://thehackernews.com/2021/11/critical-wormable-security-flaw-found.html", "creation_timestamp": "2023-06-30T19:58:29.000000Z"}, {"uuid": "b0374bcc-89b5-4d23-9fe3-576090c6d828", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39239", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/4454", "content": "#exploit\n1. CVE-2021-39239:\nA vulnerability in XML processing in Apache Jena &lt;4.1.0, may allow an attacker to execute XML External Entities (XXE), including exposing the contents of local files to a remote server\nhttps://github.com/AKIA27TACKEDYE76PUGU/CVE-2021-39239\n\n2. CVE-2021-24620:\nRCE in WordPress Simple Ecomm. Shopping Cart &lt;2.2.5\nhttps://github.com/AKIA27TACKEDYE76PUGU/CVE-2021-24620\n\n3. 
CVE-2021-41773:\nApache 2.4.49 Path Traversal\nhttps://github.com/numanturle/CVE-2021-41773\nhttps://github.com/habibiefaried/CVE-2021-41773-PoC", "creation_timestamp": "2024-05-14T02:35:13.000000Z"}, {"uuid": "bc8e369e-641c-42fd-9ddc-ba888fc1a66b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39238", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/4874", "content": "#Threat_Research\n\"With Great Research Comes Great Responsibility: Printing Shellz (CVE-2021-39237, CVE-2021-39238)\", 2021.\nhttps://labs.f-secure.com/publications/printing-shellz", "creation_timestamp": "2021-12-01T11:01:01.000000Z"}, {"uuid": "af5c90da-c734-4fda-b38f-75524d1a26c0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39237", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/4874", "content": "#Threat_Research\n\"With Great Research Comes Great Responsibility: Printing Shellz (CVE-2021-39237, CVE-2021-39238)\", 2021.\nhttps://labs.f-secure.com/publications/printing-shellz", "creation_timestamp": "2021-12-01T11:01:01.000000Z"}]}