{"vulnerability": "CVE-2023-1671", "sightings": [{"uuid": "1ef0fc42-dc28-4b97-806f-8abdcd0fca7f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-1671", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2023-11-16T18:10:02.000000Z"}, {"uuid": "b6bf63f5-e393-4816-89cb-6e0b525ea5a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-1671", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/2971924", "content": "", "creation_timestamp": "2024-12-24T20:35:42.918728Z"}, {"uuid": "5adad81f-d2a8-4258-b298-5723c9acb3da", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-1671", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-02-22)", "content": "", "creation_timestamp": "2025-02-22T00:00:00.000000Z"}, {"uuid": "eedbf403-1864-4eb2-bd7d-034aeeb2ae9f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-1671", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-08-14)", "content": "", "creation_timestamp": "2025-08-14T00:00:00.000000Z"}, {"uuid": "9e05b6f4-41f9-41ff-8755-665b4079fe25", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-1671", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-02-23T02:10:49.000000Z"}, {"uuid": "3fa22667-9a75-4e70-aeed-47e52bd54f2f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-1671", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-07-07)", "content": "", "creation_timestamp": "2025-07-07T00:00:00.000000Z"}, {"uuid": "9e5f05b5-4d63-48d0-b935-c6f6a01357f8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-1671", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-07-29)", "content": "", "creation_timestamp": "2025-07-29T00:00:00.000000Z"}, {"uuid": "ef85f39b-91a9-4d0c-b74c-595eb78b43d8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-1671", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-03-02)", "content": "", "creation_timestamp": "2025-03-02T00:00:00.000000Z"}, {"uuid": "31ac6f91-52ec-4e93-a028-637ca536cdbc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-1671", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-07-28)", "content": "", "creation_timestamp": "2025-07-28T00:00:00.000000Z"}, {"uuid": "9acfcc64-7f86-4e69-993e-6992d1be3304", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-1671", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-11-09)", "content": "", "creation_timestamp": "2025-11-09T00:00:00.000000Z"}, {"uuid": "ecb1008a-6c50-411a-bdec-a03589d16898", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-1671", "type": "seen", "source": "MISP/d17bd6ef-d68b-317b-ac33-cdbc44c5fc57", "content": "", "creation_timestamp": "2025-08-31T03:13:05.000000Z"}, {"uuid": "fe7bbb16-95a5-45d7-af54-0bd9ddcac2ac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2023-1671", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/1e8bd832-0e95-4f01-84b1-6bd860b71a7d", "content": "", "creation_timestamp": "2026-02-02T12:26:45.885096Z"}, {"uuid": "e39ca351-669d-480b-9a56-1e433c9984b9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-1671", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-12-25)", "content": "", "creation_timestamp": "2025-12-25T00:00:00.000000Z"}, {"uuid": "49850cc7-3b41-425d-bce4-b5a6b9d716d0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-1671", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-03-04)", "content": "", "creation_timestamp": "2026-03-04T00:00:00.000000Z"}, {"uuid": "6f691ba9-647d-4411-ba68-17066348c2cf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-1671", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-01-05)", "content": "", "creation_timestamp": "2026-01-05T00:00:00.000000Z"}, {"uuid": "1b91100b-b4c4-4bcc-bba2-d615ef2b7fbc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-1671", "type": "exploited", "source": "https://t.me/tengkorakcybercrewz/2790", "content": "\ud83d\udea8 CISA adds 3 security flaws to its KEV catalog due to active exploitation. \n \nCVE-2023-1671: Enables arbitrary code execution. \nCVE-2023-2551: Affects WebLogic Server. \nCVE-2023-36584: Associated with pro-Russian APT's spear-phishing. \n \nRead: https://thehackernews.com/2023/11/cisa-adds-three-security-flaws-with.html", "creation_timestamp": "2023-11-17T10:12:21.000000Z"}, {"uuid": "eeca18a4-8cd4-4bf5-8749-fa04abd10c79", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-1671", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/4256", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2023\n\u63cf\u8ff0\uff1aCVE-2023-1671 POC in python\nURL\uff1ahttps://github.com/c4ln/CVE-2023-1671-POC\n\n\u6807\u7b7e\uff1a#CVE-2023", "creation_timestamp": "2023-09-15T08:52:16.000000Z"}, {"uuid": "7c14b8da-f7bc-4d65-9dbd-4e98109be0e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-1671", "type": "published-proof-of-concept", "source": "https://t.me/road_to_oscp/198", "content": "https://vulncheck.com/blog/cve-2023-1671-analysis", "creation_timestamp": "2023-04-25T09:47:32.000000Z"}, {"uuid": "70d5dd3a-d28b-47dc-b7e4-7b83a0709670", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-1671", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-04-28)", "content": "", "creation_timestamp": "2026-04-28T00:00:00.000000Z"}, {"uuid": "d570ae2e-e848-48a6-83a2-187c5ea4c5d7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-1671", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/4247", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2023\n\u63cf\u8ff0\uff1aCVE-2023-1671-POC, based on dnslog platform\nURL\uff1ahttps://github.com/W01fh4cker/CVE-2023-1671-POC\n\n\u6807\u7b7e\uff1a#CVE-2023", "creation_timestamp": "2023-04-26T02:51:58.000000Z"}, {"uuid": "c489143e-e2a4-4340-9ced-046b3725b30d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-1671", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-04-28)", "content": "", "creation_timestamp": "2026-04-28T00:00:00.000000Z"}, {"uuid": "4e31b16f-c83a-40f3-9290-6343580d56fe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-1671", "type": "exploited", "source": "https://t.me/ctinow/150489", "content": "https://ift.tt/NMZfn6e\nSophos Web Appliance vulnerability exploited in the wild (CVE-2023-1671)", "creation_timestamp": "2023-11-20T13:32:52.000000Z"}, {"uuid": "564c8b7f-f4e3-4bf5-a4af-262e16f812e1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-1671", "type": "exploited", "source": "https://t.me/tengkorakcybercrewz/229", "content": "\ud83d\udea8 CISA adds 3 security flaws to its KEV catalog due to active exploitation. \n \nCVE-2023-1671: Enables arbitrary code execution. \nCVE-2023-2551: Affects WebLogic Server. \nCVE-2023-36584: Associated with pro-Russian APT's spear-phishing. \n \nRead: https://thehackernews.com/2023/11/cisa-adds-three-security-flaws-with.html", "creation_timestamp": "2023-11-17T10:12:21.000000Z"}, {"uuid": "91c85839-0b06-45ab-8a70-f702023bae32", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-1671", "type": "seen", "source": "https://t.me/KomunitiSiber/1086", "content": "CISA Adds Three Security Flaws with Active Exploitation to KEV Catalog\nhttps://thehackernews.com/2023/11/cisa-adds-three-security-flaws-with.html\n\nThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added three security flaws to its Known Exploited Vulnerabilities (KEV) catalog based on evidence of active exploitation in the wild.\nThe\u00a0vulnerabilities\u00a0are as follows -\n\nCVE-2023-36584\u00a0(CVSS score: 5.4) - Microsoft Windows Mark-of-the-Web (MotW) Security Feature Bypass Vulnerability\nCVE-2023-1671\u00a0(CVSS score: 9.8) -", "creation_timestamp": "2023-11-17T07:07:36.000000Z"}, {"uuid": "1567edc4-796a-46dc-8a25-9f54c4002681", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-1671", "type": "seen", "source": "Telegram/Bw0hPsCfuz7Dlo6FsfoY-QgOhbVYq8J767WSGH93YfvkfA", "content": "", "creation_timestamp": "2023-11-17T07:43:49.000000Z"}, {"uuid": "e5b67174-b948-4aa4-a72c-44bd7c9fc6f0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-1671", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/2897", "content": "Tools - Hackers Factory\n\n\u200b\u200bLTESniffer\n\nAn Open-source LTE Downlink/Uplink Eavesdropper.\n\nThe main purpose of LTESniffer is to support security and analysis research on the cellular network. Due to the collection of uplink-downlink user data, any use of LTESniffer must follow the local regulations on sniffing the LTE traffic.\n\nhttps://github.com/SysSec-KAIST/LTESniffer\n\n#cybersecurity #infosec #pentesting\n\n\u200b\u200bCVE-2023-1671-POC\n\nBased on dnslog platform.\n\nhttps://github.com/W01fh4cker/CVE-2023-1671-POC\n\n#infosec #cve #poc\n\n\u200b\u200bChattyCaty\n\nOpen-source project which demonstrates an infrastructure to create a polymorphic program using GPT models.\n\nhttps://github.com/cyberark/ChattyCaty\n\n#cybersecurity #infosec\n\n\u200b\u200bprocess-cloning\n\nThe Definitive Guide To Process Cloning on Windows.\n\nhttps://github.com/huntandhackett/process-cloning\n\n#cybersecurity #infosec #pentesting\n\nPentestGPT\n\nA GPT-empowered penetration testing tool.\n\nhttps://github.com/GreyDGL/PentestGPT\n\n#cybersecurity #infosec #pentesting\n\n\u200b\u200bLinkedinEmails\n\nSearches for employees of a company on #linkedin and generates a list of possible emails.\n\nhttps://github.com/miltinhoc/LinkedinEmails\n\n\u200b\u200bSECMON\n\nWeb-based tool for the automation of infosec watching and vulnerability management with a web interface.\n\nhttps://github.com/Guezone/SECMON\n\n#cybersecurity #infosec\n\n\u200b\u200bCVE-2023-27524 \n\nApache Superset Auth Bypass.\n\nScript to check if an Apache Superset server is running with an insecure default configuration (CVE-2023-27524). The script checks if a Superset server's session cookies are signed with any well-known default Flask SECRET_KEYs.\n\nhttps://github.com/horizon3ai/CVE-2023-27524\n\n#infosec #cve #poc\n\n\u200b\u200bZaproxy\n\nThe OWASP Zed Attack Proxy (ZAP) is one of the world\u2019s most popular free security tools and is actively maintained by a dedicated international team of volunteers. It can help you automatically find security vulnerabilities in your web applications while you are developing and testing your applications. It's also a great tool for experienced pentesters to use for manual security testing.\n\nhttps://github.com/zaproxy/zaproxy\n\nWebsite:\nhttps://www.zaproxy.org/\n\n#infosec #pentesting #best\n\n\u200b\u200bStackrox\n\nThe StackRox Kubernetes Security Platform performs a risk analysis of the container environment, delivers visibility and runtime alerts, and provides recommendations to proactively improve security by hardening the environment.\n\nhttps://github.com/stackrox/stackrox\n\n#cybersecurity #infosec\n\n\u200b\u200bNuclear Pond\n\nNuclear Pond is a utility leveraging Nuclei to perform internet wide scans for the cost of a cup of coffee.\n\nhttps://github.com/DevSecOpsDocs/nuclearpond\n\n#cybersecurity #infosec \n\nhttps://t.me/dilagrafie\nhttps://t.me/HackerFactory", "creation_timestamp": "2023-04-26T09:26:57.000000Z"}, {"uuid": "56e0c561-b4ff-4299-8d51-0db8a6e891f3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-1671", "type": "published-proof-of-concept", "source": "https://t.me/jokerplstaeen/17304", "content": "\u200b\u200bCVE-2023-1671-POC\n\nBased on dnslog platform.\n\nhttps://github.com/W01fh4cker/CVE-2023-1671-POC\n\n#infosec #cve #poc", "creation_timestamp": "2023-05-23T17:56:34.000000Z"}, {"uuid": "8365312a-2908-41e5-b4cb-6676f920fa4d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-1671", "type": "published-proof-of-concept", "source": "Telegram/mVJJuhddwk0nA8Y0WuDUjnRRR65E2NyNdIhuciCMQeZEk84", "content": "", "creation_timestamp": "2023-05-22T03:50:12.000000Z"}, {"uuid": "df96833c-8f20-4a99-bebd-3434dde5b03a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-1671", "type": "seen", "source": "https://t.me/true_secator/4254", "content": "\u0411\u0440\u0438\u0442\u0430\u043d\u0441\u043a\u0430\u044f Sophos \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0436\u0434\u0430\u0435\u0442 \u043a\u043b\u0438\u0435\u043d\u0442\u043e\u0432 \u043e\u0431 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044f\u0445 \u0432 Sophos Web Appliance (SWA), \u043e\u0434\u043d\u0430 \u0438\u0437 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0430\u044f.\n\n\u041f\u043e\u0445\u043e\u0436\u0435, \u0447\u0442\u043e Sophos \u043f\u0440\u043e\u0434\u043e\u043b\u0436\u0430\u0435\u0442 \u043e\u0441\u0442\u0430\u0432\u0430\u0442\u044c\u0441\u044f \u0432 \u043b\u0438\u043d\u0435\u0439\u043a\u0435 \u043f\u043e\u0441\u0442\u0430\u0432\u0449\u0438\u043a\u043e\u0432 \u0440\u0435\u0448\u0435\u043d\u0438\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0441 \u0434\u044b\u0440\u044f\u0432\u044b\u043c\u0438\u0441\u0438\u0441\u0442\u0435\u043c\u0430\u043c\u0438 \u043c\u043e\u043d\u0438\u0442\u043e\u0440\u0438\u043d\u0433\u0430 \u0438 \u0438 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u044f \u0443\u0433\u0440\u043e\u0437. \n\n\u041f\u043b\u0435\u0447\u043e\u043c \u043a \u043f\u043b\u0435\u0447\u0443 \u0441\u043e \u0441\u0432\u043e\u0438\u043c\u0438 \u044f\u043f\u043e\u043d\u0441\u043a\u0438\u043c\u0438 \u043a\u043e\u043b\u043b\u0435\u0433\u0430\u043c\u0438 \u0438\u0437 Trend Micro, \u0431\u043b\u0430\u0433\u043e\u0434\u0430\u0440\u044f \u043a\u043e\u0442\u043e\u0440\u044b\u043c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043e\u0434\u043d\u0430\u0436\u0434\u044b \u0443\u043a\u0440\u0430\u043b\u0438 \u043a\u043e\u0440\u043f\u043e\u0440\u0430\u0442\u0438\u0432\u043d\u0443\u044e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e \u0443 Mitsubishi Electric.\n\n\u041a\u0430\u043a \u043f\u043e\u043c\u043d\u0438\u0442\u0441\u044f, \u043d\u0435 \u0434\u0430\u043b\u0435\u043a\u043e \u0443\u0448\u043b\u0430 \u0440\u0443\u043c\u044b\u043d\u0441\u043a\u0430\u044f Bitdefender \u0438 \u0447\u0435\u0448\u0441\u043a\u0430\u044f Avast, \u043d\u0435 \u0433\u043e\u0432\u043e\u0440\u044f \u0443\u0436\u0435 \u043f\u0440\u043e \u043c\u0438\u043a\u0440\u043e\u043c\u044f\u0433\u043a\u0438\u0445.\n\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u043d\u0430\u044f Sophos Web Appliance 4.3.10.4 \u0443\u0441\u0442\u0440\u0430\u043d\u044f\u0435\u0442 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 CVE-2023-1671 (\u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0430\u044f), CVE-2022-4934 (\u0432\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438) \u0438 CVE-2020-36692 (\u0441\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c), \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0431\u044b\u043b\u0438 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u044b \u0432\u043d\u0435\u0448\u043d\u0438\u043c\u0438 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c\u0438 \u0432 \u0440\u0430\u043c\u043a\u0430\u0445 Sophos bug bounty.\n\n\u041f\u0435\u0440\u0432\u0430\u044f \u0438\u0437 \u043e\u0448\u0438\u0431\u043e\u043a \u043a\u0430\u0441\u0430\u0435\u0442\u0441\u044f \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u044f \u043a\u043e\u043c\u0430\u043d\u0434 \u043f\u0435\u0440\u0435\u0434 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0435\u0439 \u0432 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0435 warn-proceed \u0438 \u0440\u0435\u0430\u043b\u0438\u0437\u0443\u0435\u0442 RCE, \u0432\u0442\u043e\u0440\u0430\u044f - \u0430\u043d\u0430\u043b\u043e\u0433\u0438\u0447\u043d\u0430\u044f RCE \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u043c\u0430\u0441\u0442\u0435\u0440 \u0438\u0441\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u0439.\n\n\u0422\u0440\u0435\u0442\u044c\u044f XSS-\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043a\u043e\u0434 JavaScript \u0432 \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0435 \u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0435\u0442\u0441\u044f \u0432 \u0441\u043b\u0443\u0447\u0430\u0435 \u043e\u0442\u043f\u0440\u0430\u0432\u043a\u0438 \u0436\u0435\u0440\u0442\u0432\u043e\u0439 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0439 \u0444\u043e\u0440\u043c\u044b \u043d\u0430 \u0432\u0435\u0431-\u0441\u0430\u0439\u0442\u0435, \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u0438\u0440\u0443\u0435\u043c\u043e\u043c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u043e\u043c, \u043f\u0440\u0438 \u0432\u0445\u043e\u0434\u0435 \u0432 SWA.\n\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0443\u0441\u0442\u0430\u043d\u0430\u0432\u043b\u0438\u0432\u0430\u044e\u0442\u0441\u044f \u0430\u0432\u0442\u043e\u043c\u0430\u0442\u0438\u0447\u0435\u0441\u043a\u0438, \u043d\u043e \u043a\u043b\u0438\u0435\u043d\u0442\u0430\u043c \u0441\u043b\u0435\u0434\u0443\u0435\u0442 \u043f\u043e\u043c\u043d\u0438\u0442\u044c, \u0447\u0442\u043e 20 \u0438\u044e\u043b\u044f \u0438\u0441\u0442\u0435\u043a\u0430\u0435\u0442 \u0441\u0440\u043e\u043a \u0441\u043b\u0443\u0436\u0431\u044b SWA, \u043f\u043e\u0441\u043b\u0435 \u0447\u0435\u0433\u043e \u0432\u043e\u043b\u0448\u0435\u0431\u0441\u0442\u0432\u0430 \u0443\u0436\u0435 \u043d\u0435 \u0441\u043b\u0435\u0434\u0443\u0435\u0442 \u043e\u0436\u0438\u0434\u0430\u0442\u044c.", "creation_timestamp": "2023-04-05T15:15:02.000000Z"}, {"uuid": "b61f3d8c-d9b9-44f4-812e-c920d86e0fe3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-1671", "type": "published-proof-of-concept", "source": "https://t.me/crackcodes/3316", "content": "CVE-2023-1671 | Pre-Auth RCE in Sophos Web Appliance\n\n\nDorkfofa\n\n(title=\"Sophos Web Appliance\" || app=\"Sophos-Web-Appliance\") && title!=\"Sophos Web Appliance\uff1a\u9519\u8bef\u8bf7\u6c42\"\n\nZoomEye\n\ntitle:\"Sophos Web Appliance\"-title:\"Sophos Web Appliance: Forbidden\"-title:\"Sophos Web Appliance: Bad Request\"\n\nShodan\n\ntitle:\"Sophos Web Appliance\"\n\nUsage:\n\npython CVE-2023-1671-POC.py -u http://www.example.com\npython CVE-2023-1671-POC.py -u http://www.example.com -d xxxxxx.dnslog.cn\npython CVE-2023-1671-POC.py -f urls.txt\npython CVE-2023-1671-POC.py -f urls.txt -d xxxxxx.dnslog.cn\n\nDownload: https://system32.ink/news-feed/p/309/", "creation_timestamp": "2023-04-25T15:20:18.000000Z"}, {"uuid": "ed4a79bd-50cd-46ed-adf1-9354909853b1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-1671", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/8177", "content": "#exploit\n1. CVE-2023-1671:\nPre-Auth RCE in Sophos Web Appliance\nhttps://vulncheck.com/blog/cve-2023-1671-analysis\n]-> https://github.com/W01fh4cker/CVE-2023-1671-POC\n\n2. CVE-2022-29844:\nBuffer Overflow On WD My Cloud Pro Series PR4100\nhttps://www.zerodayinitiative.com/blog/2023/4/19/cve-2022-29844-a-classic-buffer-overflow-on-the-western-digital-my-cloud-pro-series-pr4100\n\n3. CVE-2023-21554:\nUnauthenticated RCE vulnerability in the MSMQ service\nhttps://www.randori.com/blog/vulnerability-analysis-queuejumper-cve-2023-21554", "creation_timestamp": "2024-07-17T00:33:01.000000Z"}, {"uuid": "6f639873-be03-4377-8fcd-51b97d399129", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-1671", "type": "seen", "source": "https://t.me/cibsecurity/61374", "content": "\u203c CVE-2023-1671 \u203c\n\nA pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older than version 4.3.10.4 allows execution of arbitrary code.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-04T14:36:57.000000Z"}, {"uuid": "12526951-fb90-41d1-8736-6cd4cb4479a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-1671", "type": "exploited", "source": "https://t.me/thehackernews/4162", "content": "\ud83d\udea8 CISA adds 3 security flaws to its KEV catalog due to active exploitation. \n \nCVE-2023-1671: Enables arbitrary code execution. \nCVE-2023-2551: Affects WebLogic Server. \nCVE-2023-36584: Associated with pro-Russian APT's spear-phishing. \n \nRead: https://thehackernews.com/2023/11/cisa-adds-three-security-flaws-with.html", "creation_timestamp": "2023-11-17T07:02:15.000000Z"}, {"uuid": "f9e55658-9661-4076-9954-05ada6bd11f0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-1671", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/586", "content": "https://github.com/W01fh4cker/CVE-2023-1671-POC", "creation_timestamp": "2023-05-22T03:50:55.000000Z"}, {"uuid": "cf79a024-b22e-4a57-ad47-84a55e6df31c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-1671", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/525", "content": "Sophos Web Appliance Pre-Auth RCE\nhttps://github.com/ohnonoyesyes/CVE-2023-1671\n#github", "creation_timestamp": "2023-04-24T04:35:31.000000Z"}]}