{"vulnerability": "CVE-2021-4225", "sightings": [{"uuid": "71a9fcae-0ea9-4eae-8e75-4c8f801f6d92", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42258", "type": "seen", "source": "MISP/f5030aca-7d5a-43a4-ae03-8f4ac8e85422", "content": "", "creation_timestamp": "2021-11-08T08:58:17.000000Z"}, {"uuid": "c197f8e3-d4af-4db9-a5b9-5ba78f94db22", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42258", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2021-11-20T09:53:52.000000Z"}, {"uuid": "f8730d7c-fae1-4b8a-a97b-afb1d204eb93", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42258", "type": "seen", "source": "MISP/63ddead6-4b82-414c-ad8e-c516b950b446", "content": "", "creation_timestamp": "2021-10-25T22:32:43.000000Z"}, {"uuid": "787ac87a-13a1-4d96-a6a7-2a56da73e519", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42258", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-42258.yaml", "content": "", "creation_timestamp": "2023-04-27T09:58:59.000000Z"}, {"uuid": "78a2183d-a808-461f-8a7c-9a3392e44d63", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42258", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/2971118", "content": "", "creation_timestamp": "2024-12-24T20:24:31.116819Z"}, {"uuid": "52c7fd8e-18ea-4504-b9a8-e7bfb9947c8f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": 
"9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42258", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:45.000000Z"}, {"uuid": "79fc42a4-88a2-4459-8393-1a3a98142077", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42258", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/gather/billquick_txtid_sqli.rb", "content": "", "creation_timestamp": "2021-11-11T23:23:32.000000Z"}, {"uuid": "81b90ff7-02dd-4d28-9c0f-20d195a00767", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42258", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:10:40.000000Z"}, {"uuid": "6f8aa11d-0c56-494f-ac5d-b7a15b027a53", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42258", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-02-23T02:09:58.000000Z"}, {"uuid": "c47c4408-7d65-4cd4-aeda-f6b568f8fdd1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2021-42258", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/c5664c96-b3ed-49d9-8959-d90f8b742d15", "content": "", "creation_timestamp": "2026-02-02T12:28:39.665549Z"}, {"uuid": "7f6752b7-1064-42b9-8a99-c5ec89e921bf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42250", "type": "seen", "source": "https://t.me/cibsecurity/32521", 
"content": "\u203c CVE-2021-42250 \u203c\n\nImproper output neutralization for Logs. A specific Apache Superset HTTP endpoint allowed for an authenticated user to forge log entries or inject malicious content into logs.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-17T18:14:34.000000Z"}, {"uuid": "51c157fb-d8eb-4dff-8a40-27beca7c974d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42258", "type": "seen", "source": "https://t.me/true_secator/2254", "content": "Not a day without ransomware: BQE Software customers are being encrypted left and right by extortionists exploiting a critical SQL injection bug in the BillQuick Web Suite billing solution. Potential victims: 400,000 users worldwide.\n \nFor the most part, the extortionists' attacks target unpatched BillQuick servers vulnerable to CVE-2021-42258, which can be triggered quite easily by login requests with invalid characters (a single quote) in the username field.\n \nAlthough the bug was fixed back on October 7 in BQE Software's version 22.0.9.1, the Huntress ThreatOps specialists who found the bug have rolled out eight more 0-day vulnerabilities in BillQuick (CVE-2021-42344, CVE-2021-42345, CVE-2021-42346, CVE-2021-42571, CVE-2021-42572, CVE-2021-42573, CVE-2021-42741, CVE-2021-42742). 
All of the bugs can be used for initial access and for executing malicious commands on their local Windows servers and, most importantly, are still unpatched.\n \nHuntress Labs has so far been unable to attribute the attackers to any known gang: the researchers suspect that a smaller group is involved. The ransomware identified has been in use since at least May 2020 and borrows heavily from the code of other AutoIT-based ransomware families. After deploying the malware, the hackers leave no ransom notes on the encrypted systems and only append the extension pusheken91@bk.ru to all encrypted files as a contact for discussing the ransom.\n \nMeanwhile, BQE Software is hard at work on the bugs, as are the hackers. According to experts, larger actors will join the attacks on BillQuick in the very near future.", "creation_timestamp": "2021-10-26T18:55:45.000000Z"}, {"uuid": "eb09e5ca-ead7-47fe-afcf-7b1d65c64797", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42255", "type": "seen", "source": "https://t.me/cibsecurity/40632", "content": "\u203c CVE-2021-42255 \u203c\n\nBeyondTrust AppGuard Enterprise through 6.6.20.2 creates a Temporary File in a Directory with Insecure Permissions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-12T20:17:14.000000Z"}, {"uuid": "69724b4b-2fa3-467d-ac0c-aa936058005e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42258", "type": "exploited", "source": "Telegram/SfsPcTKDBJd6nY2jaCgwHbnHmF3NWzCJGNch8P-EpajA47UB", "content": "", "creation_timestamp": "2025-02-06T02:39:18.000000Z"}, {"uuid": "a843f1d9-885c-4ea4-a260-4e56bed4ef36", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-4225", "type": "seen", "source": "https://t.me/cibsecurity/41410", "content": "\u203c CVE-2021-4225 \u203c\n\nThe SP Project & Document 
Manager WordPress plugin before 4.24 allows any authenticated users, such as subscribers, to upload files. The plugin attempts to prevent PHP and other similar files that could be executed on the server from being uploaded by checking the file extension. It was discovered that on Windows servers, the security checks in place were insufficient, enabling bad actors to potentially upload backdoors on vulnerable sites.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-25T20:42:18.000000Z"}, {"uuid": "fcf716d7-229b-4cd4-af85-e6fb26cac9d6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42254", "type": "seen", "source": "https://t.me/cibsecurity/32740", "content": "\u203c CVE-2021-42254 \u203c\n\nBeyondTrust Privilege Management prior to version 21.6 creates a Temporary File in a Directory with Insecure Permissions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-19T22:17:13.000000Z"}, {"uuid": "a6607a82-8bd4-43e7-9f30-f12ae30773d4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42258", "type": "exploited", "source": "https://t.me/cibsecurity/31084", "content": "\u203c CVE-2021-42258 \u203c\n\nBQE BillQuick Web Suite 2018 through 2021 before 22.0.9.1 allows SQL injection for unauthenticated remote code execution, as exploited in the wild in October 2021 for ransomware installation. SQL injection can, for example, use the txtID (aka username) parameter. 
Successful exploitation can include the ability to execute arbitrary code as MSSQLSERVER$ via xp_cmdshell.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-23T02:39:32.000000Z"}, {"uuid": "f00898b3-b322-4dc8-945b-c24f3d446986", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42252", "type": "seen", "source": "https://t.me/cibsecurity/30363", "content": "\u203c CVE-2021-42252 \u203c\n\nAn issue was discovered in aspeed_lpc_ctrl_mmap in drivers/soc/aspeed/aspeed-lpc-ctrl.c in the Linux kernel before 5.14.6. Local attackers able to access the Aspeed LPC control interface could overwrite memory in the kernel and potentially execute privileges, aka CID-b49a0e69a7b1. This occurs because a certain comparison uses values that are not memory sizes.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-11T22:24:46.000000Z"}, {"uuid": "100e49e3-3586-49ea-8fdb-58720a6e1b99", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42257", "type": "seen", "source": "https://t.me/cibsecurity/30370", "content": "\u203c CVE-2021-42257 \u203c\n\ncheck_smart before 6.9.1 allows unintended drive access by an unprivileged user because it only checks for a substring match of a device path (the /dev/bus substring and a number), aka an unanchored regular expression.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-12T00:24:50.000000Z"}, {"uuid": "d50ef9cd-e4a6-4cbe-8157-efc7e4543d2f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42258", "type": "exploited", "source": "https://t.me/S_E_Reborn/1208", "content": "Not a day without ransomware: BQE Software customers are being encrypted left and right by extortionists exploiting a critical SQL injection bug in the BillQuick Web Suite billing solution. 
Potential victims: 400,000 users worldwide.\n \nFor the most part, the extortionists' attacks target unpatched BillQuick servers vulnerable to CVE-2021-42258, which can be triggered quite easily by login requests with invalid characters (a single quote) in the username field.\n \nAlthough the bug was fixed back on October 7 in BQE Software's version 22.0.9.1, the Huntress ThreatOps specialists who found the bug have rolled out eight more 0-day vulnerabilities in BillQuick (CVE-2021-42344, CVE-2021-42345, CVE-2021-42346, CVE-2021-42571, CVE-2021-42572, CVE-2021-42573, CVE-2021-42741, CVE-2021-42742). 
All of the bugs can be used for initial access and for executing malicious commands on their local Windows servers and, most importantly, are still unpatched.\n \nHuntress Labs has so far been unable to attribute the attackers to any known gang: the researchers suspect that a smaller group is involved. The ransomware identified has been in use since at least May 2020 and borrows heavily from the code of other AutoIT-based ransomware families. 
After deploying the malware, the hackers leave no ransom notes on the encrypted systems and only append the extension pusheken91@bk.ru to all encrypted files as a contact for discussing the ransom.\n \nMeanwhile, BQE Software is hard at work on the bugs, as are the hackers. According to experts, larger actors will join the attacks on BillQuick in the very near future.", "creation_timestamp": "2021-10-27T10:22:02.000000Z"}]}