{"vulnerability": "CVE-2023-21887", "sightings": [{"uuid": "c816f8b3-66b8-4acb-8b79-d8bacc917898", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-21887", "type": "seen", "source": "MISP/591f3235-7ebf-44cf-a316-d90d36580532", "content": "", "creation_timestamp": "2024-12-19T13:09:26.000000Z"}, {"uuid": "18ef5f37-b470-430f-86c4-4dd31d73af3b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-21887", "type": "published-proof-of-concept", "source": "https://t.me/BABATATASASA/5993", "content": "", "creation_timestamp": "2023-11-15T17:01:59.000000Z"}, {"uuid": "ead413e2-25ae-4d17-9c6a-3f0293f43953", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-21887", "type": "seen", "source": "https://t.me/cibsecurity/56642", "content": "\u203c CVE-2023-21887 \u203c\n\nVulnerability in the MySQL Server product of Oracle MySQL (component: Server: GIS). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-18T02:26:32.000000Z"}, {"uuid": "12120dbd-0f7c-4b5f-a2ae-3aca33dc453b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-21887", "type": "exploited", "source": "https://t.me/theninjaway1337/1421", "content": "MAGNET GOBLIN TARGETS PUBLICLY FACING SERVERS USING 1-DAY VULNERABILITIES\n\nOn January 10, 2024, Ivanti\u00a0published\u00a0a security advisory regarding two vulnerabilities in Ivanti Connect Secure VPN. These vulnerabilities, which were exploited in the wild, are identified as CVE-2023-46805 and CVE-2023-21887. The exploitation of these vulnerabilities was quickly adopted by a number of threat actors, resulting in a broad\u00a0range\u00a0of malicious activities.\nCheck Point Research has been tracking these exploitations and identified several activity clusters targeting vulnerable Connect Secure VPN appliances. As in many other mass-exploitation of 1-day vulnerabilities cases, differentiating and identifying the different actors is quite challenging. With this in mind, we decided to investigate the inner workings of one distinct cluster that caught our attention, by a threat actor we called Magnet Goblin.\n\nhttps://research.checkpoint.com/2024/magnet-goblin-targets-publicly-facing-servers-using-1-day-vulnerabilities/", "creation_timestamp": "2024-03-12T11:57:05.000000Z"}]}