{"vulnerability": "CVE-2023-4878", "sightings": [{"uuid": "204a672b-dc26-4481-9eda-2177f410ac39", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-48788", "type": "seen", "source": "MISP/8a5d9ef7-0fae-4fcc-a606-d3701ec5f0e0", "content": "", "creation_timestamp": "2024-10-15T11:39:08.000000Z"}, {"uuid": "38a10c77-20bf-49d9-af00-4f60f1cbe00d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-48788", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2024-03-25T18:10:03.000000Z"}, {"uuid": "4ac054f8-3e78-41c0-87d5-d07e0899efde", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-48788", "type": "seen", "source": "MISP/f0528842-4816-4b65-941a-a052b44f7db6", "content": "", "creation_timestamp": "2024-04-09T06:41:14.000000Z"}, {"uuid": "747c991d-be00-4d0f-a783-d6effdf89611", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-48788", "type": "seen", "source": "MISP/c71d74eb-5c12-47b7-95ab-c2416dd932a5", "content": "", "creation_timestamp": "2024-04-18T10:27:46.000000Z"}, {"uuid": "dfc62458-a72d-4d6f-a791-32357a244d56", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-48788", "type": "seen", "source": "MISP/ffea72a3-7935-4078-b769-b872475c5eae", "content": "", "creation_timestamp": "2024-11-27T08:28:21.000000Z"}, {"uuid": "a0131348-7a4f-4ff5-b7ec-ce2cfc557599", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-48788", "type": "seen", "source": "https://infosec.exchange/users/malmoeb/statuses/113607765689175235", "content": "", "creation_timestamp": "2024-12-06T20:28:53.931746Z"}, {"uuid": "ebd7e8e1-f177-4944-8f09-b2367b537300", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-48782", "type": "seen", "source": "https://www.darkreading.com/vulnerabilities-threats/fortinet-addresses-unpatched-critical-rce-vector", "content": "", "creation_timestamp": "2024-12-19T21:29:13.000000Z"}, {"uuid": "36848def-f4f0-46fa-b676-0225fdd7bf9a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-48788", "type": "seen", "source": "https://bsky.app/profile/bolhasec.com/post/3ldojvyfzjt2c", "content": "", "creation_timestamp": "2024-12-19T18:47:56.533289Z"}, {"uuid": "8110ddcb-9798-44b6-acb0-d99ace2259fe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-48788", "type": "seen", "source": "https://bsky.app/profile/bluecyber.bsky.social/post/3ldq5cijhec2t", "content": "", "creation_timestamp": "2024-12-20T10:07:38.138066Z"}, {"uuid": "e7692bd6-db94-4cfb-8ced-1f1de32ab070", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-48788", "type": "seen", "source": "https://bsky.app/profile/hackingne.ws/post/3ldpt22n2752z", "content": "", "creation_timestamp": "2024-12-20T07:03:56.574291Z"}, {"uuid": "a4b96245-9461-454c-954f-57798d23e81d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-48788", "type": "seen", "source": "https://bsky.app/profile/nimblenerd.social/post/3ldpt7j472b2g", "content": "", "creation_timestamp": "2024-12-20T07:07:00.184448Z"}, {"uuid": "8559c2c0-2bde-4e80-8aa4-2025f5346691", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2023-48788", "type": "seen", "source": "https://bsky.app/profile/kyosuke-tanaka.bsky.social/post/3ldpoo46rnk24", "content": "", "creation_timestamp": "2024-12-20T05:45:40.673645Z"}, {"uuid": "8d7ee4e0-b710-4797-a572-0672dd4ad583", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-48788", "type": "seen", "source": "https://thehackernews.com/2024/12/hackers-exploiting-critical-fortinet.html", "content": "", "creation_timestamp": "2024-12-20T05:25:00.000000Z"}, {"uuid": "2b7bb2be-2e5f-4a85-9347-a73a5c5fa4c1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-48788", "type": "seen", "source": "https://infosec.exchange/users/screaminggoat/statuses/113680568842715542", "content": "", "creation_timestamp": "2024-12-19T17:03:41.322575Z"}, {"uuid": "1a62f5ae-5c2e-450a-8845-c5de2a69c48c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-48788", "type": "seen", "source": "https://bsky.app/profile/volk149.bsky.social/post/3le6wgt2ky22g", "content": "", "creation_timestamp": "2024-12-26T07:14:46.065713Z"}, {"uuid": "16a862a8-d4c5-48ae-86bf-f880b547bc2b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-48788", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/network/cves/2023/CVE-2023-48788.yaml", "content": "", "creation_timestamp": "2024-12-26T14:10:14.000000Z"}, {"uuid": "002953ee-b4df-4ced-92e3-ac1a0d361ec7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-48788", "type": "seen", "source": "https://bsky.app/profile/redvello.bsky.social/post/3lgpejmauvc2w", "content": "", "creation_timestamp": "2025-01-27T06:59:50.399202Z"}, {"uuid": "bc99bd64-1378-49b7-9fc8-fe52024cb245", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-48788", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:46.000000Z"}, {"uuid": "150550b9-8ffb-4b2c-b857-89d6fdcf57b8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-48788", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:10:57.000000Z"}, {"uuid": "fb934e8f-27c7-4b6e-9911-324d9d01de40", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-48788", "type": "seen", "source": "MISP/a9d21043-f825-4bac-8d2b-56fb9e8343e7", "content": "", "creation_timestamp": "2025-10-23T21:13:02.000000Z"}, {"uuid": "72b7914a-21cf-4be9-91bc-456707f2da2a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-48788", "type": "seen", "source": "https://poliverso.org/objects/0477a01e-da14e733-8b517f7e5f0581cb", "content": "", "creation_timestamp": "2025-03-23T07:42:48.061359Z"}, {"uuid": "42f030e6-a0ba-4546-b906-d9cb63322629", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-48788", "type": "seen", "source": "https://bsky.app/profile/andranglin.bsky.social/post/3liecbjhrw22y", "content": "", "creation_timestamp": "2025-02-17T08:10:37.773516Z"}, {"uuid": "3df873f6-ee9b-44c9-aaa6-9317e9e25813", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-48788", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-02-23T02:10:53.000000Z"}, {"uuid": "228f3d39-9e77-4b71-a39f-be284a2e92e6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-48785", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lke2qgicsw2n", "content": "", "creation_timestamp": "2025-03-14T16:46:11.408225Z"}, {"uuid": "6ec10467-8ecc-4f27-b551-14a0037049c7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-48785", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114162103566286961", "content": "", "creation_timestamp": "2025-03-14T18:04:17.960386Z"}, {"uuid": "f9844c74-e4ab-4aa6-99fe-773fddfedf3f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-48788", "type": "seen", "source": "https://poliverso.org/objects/0477a01e-c46fef03-448780d790eaac5a", "content": "", "creation_timestamp": "2025-03-12T09:45:14.467172Z"}, {"uuid": "89a9689e-e0f1-4188-87f4-776236017f22", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-48788", "type": "seen", "source": "https://gist.github.com/cmj/e2efb3a2d0adc86acd38eea0e9979216", "content": "", "creation_timestamp": "2025-03-10T14:24:04.000000Z"}, {"uuid": "7c7b1bf7-03f5-4606-a7c7-a810ea3653db", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-48788", "type": "seen", "source": "https://bsky.app/profile/redteamnews.bsky.social/post/3lli5yqdqsp2c", "content": "", "creation_timestamp": "2025-03-29T01:20:18.534050Z"}, {"uuid": "0f672fad-38e0-4854-91de-fd385b1441c4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-48788", "type": "seen", "source": "https://bsky.app/profile/ccitic.bsky.social/post/3ltuj5qatqs2f", "content": "", "creation_timestamp": "2025-07-13T18:33:08.035549Z"}, {"uuid": "fedd493e-a48d-4dc8-b51b-139c4bf9ec52", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-48788", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/forticlient_ems_fctid_sqli.rb", "content": "", "creation_timestamp": "2024-04-19T19:35:28.000000Z"}, {"uuid": "72280fa8-adf6-4d6d-a75e-2406dd375514", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-48788", "type": "seen", "source": "MISP/853ff921-86fb-463b-bc2a-2860bf336b81", "content": "", "creation_timestamp": "2025-08-06T01:04:20.000000Z"}, {"uuid": "ad7b694d-9694-44e9-b42d-bfc7380ce580", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-48788", "type": "seen", "source": "https://gist.github.com/Darkcrai86/2f5da7656da6d9acacbf6310e5ce64a5", "content": "", "creation_timestamp": "2025-09-22T16:23:25.000000Z"}, {"uuid": "d7f56017-e135-497e-b3e6-46f9cd4d41dc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-48782", "type": "seen", "source": "MISP/acd0294c-4561-4286-a04e-5c02a1c67b1f", "content": "", "creation_timestamp": "2025-09-15T13:28:31.000000Z"}, {"uuid": "2a7af59d-6986-453a-ae1c-3d2d2e23b6f4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-48788", "type": "seen", "source": "MISP/853ff921-86fb-463b-bc2a-2860bf336b81", "content": "", "creation_timestamp": "2025-08-21T10:03:56.000000Z"}, {"uuid": "8fc5d6a3-137d-4079-b6a9-655f579fef95", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-48782", "type": "seen", "source": "MISP/acd0294c-4561-4286-a04e-5c02a1c67b1f", "content": "", "creation_timestamp": "2025-09-16T03:45:00.000000Z"}, {"uuid": "d9fcadb1-40d0-4221-b139-6e80eedb847f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-48788", "type": "seen", "source": "MISP/8263fd3f-ae50-413c-8bac-1d69abcdb7bc", "content": "", "creation_timestamp": "2025-08-21T02:29:05.000000Z"}, {"uuid": "5b90e134-e442-4018-b3fa-6c9fbb2bdcd4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-48788", "type": "seen", "source": "MISP/d17bd6ef-d68b-317b-ac33-cdbc44c5fc57", "content": "", "creation_timestamp": "2025-08-31T03:13:11.000000Z"}, {"uuid": "361767f6-b271-45a3-9f5b-f5d628ef8c13", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-48788", "type": "seen", "source": "MISP/c71d74eb-5c12-47b7-95ab-c2416dd932a5", "content": "", "creation_timestamp": "2026-02-07T01:58:55.000000Z"}, {"uuid": "8bcfa71f-2c9a-4531-aa6c-45fb05b5914f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-48788", "type": "seen", "source": "MISP/8a5d9ef7-0fae-4fcc-a606-d3701ec5f0e0", "content": "", "creation_timestamp": "2026-01-09T20:17:31.000000Z"}, {"uuid": "fa9bfaa8-26e7-4f21-8ab9-4077d1957a65", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-48788", "type": "seen", "source": "MISP/f88ee265-c1d6-4642-824a-986dae80c7b6", "content": "", "creation_timestamp": "2026-03-02T09:40:53.000000Z"}, {"uuid": "930e9f11-43c5-45d0-84dc-6a552a5eaadb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2023-48788", "type": "seen", "source": "https://www.govcert.gov.hk/en/alerts_detail.php?id=1246", "content": "", "creation_timestamp": "2024-03-13T04:00:00.000000Z"}, {"uuid": "ec012930-313a-438e-87c0-82782d170695", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-48788", "type": "seen", "source": "https://bsky.app/profile/undercode.bsky.social/post/3midg6oef5o2u", "content": "", "creation_timestamp": "2026-03-31T05:14:06.599492Z"}, {"uuid": "2fe7317b-58d2-4e95-8f1a-eac6b31f2c8f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-48788", "type": "exploited", "source": "https://t.me/HackingInsights/13119", "content": "\u200aMedusa Exploits Fortinet Flaw (CVE-2023-48788) for Stealthy Ransomware Attacks\n\nhttps://securityonline.info/medusa-exploits-fortinet-flaw-cve-2023-48788-for-stealthy-ransomware-attacks/", "creation_timestamp": "2024-09-15T21:05:48.000000Z"}, {"uuid": "09e3b09c-9f70-41d3-91c9-5166314e8275", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2023-48788", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/3d3e4bb8-ab3a-41e0-aa6d-330eeb5f0c53", "content": "", "creation_timestamp": "2026-02-02T12:26:40.009594Z"}, {"uuid": "8c18f618-aff5-44da-bcf4-9e7b2b25152e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2023-48788", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/aa8d5c88-3ff7-4f35-ac94-a52fe0af1d68", "content": "", "creation_timestamp": "2026-02-02T12:25:27.866632Z"}, {"uuid": "5df7d68b-7f04-4d83-bb9f-36dcefabdf5d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2023-48788", "type": "seen", "source": "https://ccb.belgium.be/advisories/warning-forticlient-ems-sql-injection-cve-2026-21643-patch-immediately", "content": "", "creation_timestamp": "2026-03-31T07:45:24.000000Z"}, {"uuid": "7aa27e46-0aff-42d7-83b0-ce42a303f2ed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-48788", "type": "exploited", "source": "Telegram/qEB3cQjn89-Wp0e5IcB9U1WByFHdUfbB2SjNxLmQQweLTVo", "content": "", "creation_timestamp": "2024-03-26T07:18:45.000000Z"}, {"uuid": "fce5d8c7-aa57-4fad-b753-07f32e38be57", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-48788", "type": "exploited", "source": "Telegram/kMO0qRphtGiNrKAskJeMZ9CUi5il7qGaJijPxFyMEDYkejQ", "content": "", "creation_timestamp": "2024-04-17T14:09:52.000000Z"}, {"uuid": "c51e82bf-8fac-4629-a91f-0631626ba9ef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-48788", "type": "seen", "source": "MISP/08b96cf8-8da4-419e-8f0e-14a931a726cb", "content": "", "creation_timestamp": "2026-04-19T16:48:55.000000Z"}, {"uuid": "307192cf-16c7-4420-bca1-acb64eea3a56", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-48788", "type": "exploited", "source": "https://t.me/cKure/12565", "content": "Security researchers have released a proof-of-concept (PoC) exploit for a critical vulnerability in Fortinet's FortiClient Enterprise Management Server (EMS) software, which is now actively exploited in attacks.\n\nTracked as CVE-2023-48788, this security flaw is an SQL injection in the DB2 Administration Server (DAS) component discovered and reported by the UK's National Cyber Security Centre (NCSC).\n\nhttps://www.bleepingcomputer.com/news/security/exploit-released-for-fortinet-rce-bug-used-in-attacks-patch-now/", "creation_timestamp": "2024-03-21T16:51:37.000000Z"}, {"uuid": "b15a3c23-cd9d-4cac-bf1b-af0948391cd8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-48788", "type": "published-proof-of-concept", "source": "https://t.me/cKure/12588", "content": "\u25a0\u25a0\u25a0\u25a0\u25a0 CVE-2023-48788: Fortinet FortiClient EMS SQL Injection Deep Dive.\n\nhttps://www.horizon3.ai/attack-research/attack-blogs/cve-2023-48788-fortinet-forticlientems-sql-injection-deep-dive/", "creation_timestamp": "2024-03-24T02:01:09.000000Z"}, {"uuid": "84014251-3e44-4dd5-b1cd-6158bcbd4b48", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-48785", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/7614", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-48785\n\ud83d\udd25 CVSS Score: 4.4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:X/RC:X)\n\ud83d\udd39 Description: An improper certificate validation vulnerability [CWE-295] in FortiNAC-F version 7.2.4 and below may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the HTTPS communication channel between the FortiOS device, an inventory, and FortiNAC-F.\n\ud83d\udccf Published: 2025-03-14T15:46:57.799Z\n\ud83d\udccf Modified: 2025-03-14T17:17:09.570Z\n\ud83d\udd17 References:\n1. https://fortiguard.com/psirt/FG-IR-23-288", "creation_timestamp": "2025-03-14T17:49:01.000000Z"}, {"uuid": "ea1029e5-63d3-4044-bbcd-5a4b61feac1c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-48788", "type": "exploited", "source": "https://t.me/cKure/14065", "content": "\u25a0\u25a0\u25a0\u25a0\u25a1 Hackers Exploiting FortiClient EMS Vulnerability (CVE-2023-48788) in the Wild.\n\nhttps://cybersecuritynews.com/hackers-exploiting-forticlient-ems-vulnerability/", "creation_timestamp": "2024-12-21T04:00:32.000000Z"}, {"uuid": "019334d6-a529-4869-8c69-1ae065fde3dd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-48788", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/6836", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aRCE\n\u63cf\u8ff0\uff1aCVE-2023-48788 PoC SQLi----> RCE\nURL\uff1ahttps://github.com/CVETechnologic/CVE-2023-48788-Proof-of-concept-SQLinj\n\n\u6807\u7b7e\uff1a#RCE", "creation_timestamp": "2024-03-23T04:34:04.000000Z"}, {"uuid": "00ca42a1-1cb0-4547-b0b2-82f2615023b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-48788", "type": "seen", "source": "https://t.me/true_secator/7103", "content": "\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u041b\u0430\u0431\u043e\u0440\u0430\u0442\u043e\u0440\u0438\u0438 \u041a\u0430\u0441\u043f\u0435\u0440\u0441\u043a\u043e\u0433\u043e \u043f\u0440\u043e\u0434\u043e\u043b\u0436\u0430\u044e\u0442 \u0431\u043e\u043c\u0431\u0438\u0442\u044c \u043e\u0442\u0447\u0435\u0442\u0430\u043c\u0438, \u043d\u0430 \u044d\u0442\u043e\u0442 \u0440\u0430\u0437 \u043f\u043e\u0434\u043e\u0433\u043d\u0430\u043b\u0438 \u0430\u043d\u0430\u043b\u0438\u0442\u0438\u043a\u0443 \u043f\u043e \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430\u043c \u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044f\u043c \u0437\u0430 \u043f\u0435\u0440\u0432\u044b\u0439 \u043a\u0432\u0430\u0440\u0442\u0430\u043b 2025 \u0433\u043e\u0434\u0430.\n\n\u0412 \u043f\u0435\u0440\u0432\u043e\u043c \u043a\u0432\u0430\u0440\u0442\u0430\u043b\u0435 2025 \u0433\u043e\u0434\u0430 \u043f\u0440\u043e\u0434\u043e\u043b\u0436\u0430\u043b\u0430\u0441\u044c \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439, \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043d\u044b\u0445 \u0438 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u044b\u0445 \u0432 2024 \u0433\u043e\u0434\u0443, \u0442\u0430\u043a \u043a\u0430\u043a \u043d\u0435\u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0440\u0430\u043d\u0435\u0435 \u043d\u0435 \u043c\u043e\u0433\u043b\u0438 \u043e\u0431\u043d\u0430\u0440\u043e\u0434\u043e\u0432\u0430\u0442\u044c \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0441\u0442\u0438.\n\n\u0412 \u0446\u0435\u043b\u043e\u043c \u043f\u043e\u043a\u0430\u0437\u0430\u0442\u0435\u043b\u0438 \u043a\u0432\u0430\u0440\u0442\u0430\u043b\u0430 \u0434\u0435\u043c\u043e\u043d\u0441\u0442\u0440\u0438\u0440\u0443\u044e\u0442 \u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e \u0431\u043e\u043b\u044c\u0448\u043e\u0435 \u043a\u043e\u043b\u0438\u0447\u0435\u0441\u0442\u0432\u043e \u0437\u0430\u0440\u0435\u0433\u0438\u0441\u0442\u0440\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439, \u043f\u0440\u0438 \u044d\u0442\u043e\u043c \u0434\u0438\u043d\u0430\u043c\u0438\u043a\u0430 \u0438\u0445 \u0440\u0435\u0433\u0438\u0441\u0442\u0440\u0430\u0446\u0438\u0438 \u0432\u043e \u043c\u043d\u043e\u0433\u043e\u043c \u043f\u043e\u0432\u0442\u043e\u0440\u044f\u0435\u0442 \u043f\u0440\u0435\u0434\u044b\u0434\u0443\u0449\u0438\u0435 \u0433\u043e\u0434\u044b.\n\n\u0412 \u0446\u0435\u043b\u043e\u043c \u043c\u043d\u043e\u0433\u0438\u0435 CWE \u0438\u0437 TOP 10 \u0434\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u0440\u0435\u0448\u0435\u043d\u0438\u0439 Microsoft \u0438 \u044f\u0434\u0440\u0430 Linux \u0441\u043e\u0432\u043f\u0430\u0434\u0430\u044e\u0442 \u0438\u043b\u0438 \u044f\u0432\u043b\u044f\u044e\u0442\u0441\u044f \u0430\u043d\u0430\u043b\u043e\u0433\u0438\u0447\u043d\u044b\u043c\u0438, \u0430 \u0437\u043d\u0430\u0447\u0438\u0442, \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043e\u0441\u043d\u043e\u0432\u0430\u043d\u044b \u043d\u0430 \u0441\u0445\u043e\u0436\u0438\u0445 \u043f\u0440\u0438\u043d\u0446\u0438\u043f\u0430\u0445, \u0447\u0442\u043e \u043f\u0440\u0438\u0432\u043e\u0434\u0438\u0442 \u0447\u0430\u0441\u0442\u043e \u043a \u00ab\u043f\u043e\u0440\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044e\u00bb \u043c\u0435\u0445\u0430\u043d\u0438\u0437\u043c\u043e\u0432 \u0430\u0442\u0430\u043a \u0434\u043b\u044f Linux \u043d\u0430 Windows \u0438 \u043d\u0430\u043e\u0431\u043e\u0440\u043e\u0442.\n\n\u0412 \u043f\u0435\u0440\u0432\u043e\u043c \u043a\u0432\u0430\u0440\u0442\u0430\u043b\u0435 2025 \u0433\u043e\u0434\u0430 \u043a\u043e\u043b\u0438\u0447\u0435\u0441\u0442\u0432\u043e \u0430\u0442\u0430\u043a \u0441 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430\u043c\u0438 \u0434\u043b\u044f \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b Windows \u0432\u044b\u0440\u043e\u0441\u043b\u043e \u043f\u043e \u0441\u0440\u0430\u0432\u043d\u0435\u043d\u0438\u044e \u0441 \u0430\u043d\u0430\u043b\u043e\u0433\u0438\u0447\u043d\u044b\u043c \u043f\u0435\u0440\u0438\u043e\u0434\u043e\u043c \u043f\u0440\u043e\u0448\u043b\u043e\u0433\u043e \u0433\u043e\u0434\u0430.\n\n\u041a\u0430\u043a \u0438 \u043f\u0440\u0435\u0436\u0434\u0435, \u043b\u044c\u0432\u0438\u043d\u0430\u044f \u0434\u043e\u043b\u044f \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043d\u044b\u0445 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u043e\u0432 \u0431\u044b\u043b\u0430 \u043d\u0430\u0446\u0435\u043b\u0435\u043d\u0430 \u043d\u0430 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u044b Microsoft Office.\n\n\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u043e\u0442\u043c\u0435\u0447\u0430\u044e\u0442, \u0447\u0442\u043e \u0447\u0430\u0449\u0435 \u0438\u0445 \u0440\u0435\u0448\u0435\u043d\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u044b \u0434\u043b\u044f \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b Windows \u043a \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u043c \u0441\u0442\u0430\u0440\u044b\u043c \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044f\u043c: CVE-2018-0802, CVE-2017-11882 (\u043e\u0431\u0435 RCE \u0432 Equation Editor), CVE-2017-0199 (Microsoft Office \u0438 WordPad).\n\n\u0412\u0441\u0435 \u0442\u0440\u0438 \u043e\u0441\u0442\u0430\u0432\u0430\u043b\u0438\u0441\u044c \u0441\u0430\u043c\u044b\u043c\u0438 \u0440\u0430\u0441\u043f\u0440\u043e\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u043d\u044b\u043c\u0438 \u043d\u0430 \u043f\u0440\u043e\u0442\u044f\u0436\u0435\u043d\u0438\u0438 2024 \u0433\u043e\u0434\u0430, \u0438 \u043c\u044b \u043f\u0440\u0435\u0434\u043f\u043e\u043b\u0430\u0433\u0430\u0435\u043c, \u0447\u0442\u043e \u0442\u0430\u043a\u0430\u044f \u0442\u0435\u043d\u0434\u0435\u043d\u0446\u0438\u044f \u0441\u043e\u0445\u0440\u0430\u043d\u0438\u0442\u0441\u044f \u0438 \u0432 \u0434\u0430\u043b\u044c\u043d\u0435\u0439\u0448\u0435\u043c.\n\n\u0417\u0430 \u043d\u0438\u043c\u0438 \u0441\u043b\u0435\u0434\u0443\u044e\u0442 \u043d\u0435 \u043c\u0435\u043d\u0435\u0435 \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u044b\u0435 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u044b \u0432 WinRAR \u0438 \u0432 \u0441\u0430\u043c\u043e\u0439 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u0435 Windows: CVE-2023-38831 (WinRAR), CVE-2024-35250 (\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0434\u0440\u0430\u0439\u0432\u0435\u0440\u0430\u00a0ks.sys) \u0438 CVE-2022-3699 (\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0434\u0440\u0430\u0439\u0432\u0435\u0440\u0430 Lenovo Diagnostics).\n\n\u0414\u043b\u044f \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Linux \u0431\u043e\u043b\u044c\u0448\u0435 \u0432\u0441\u0435\u0433\u043e \u0431\u044b\u043b\u043e \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043e \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u043e\u0432 \u043a \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u043c \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044f\u043c: CVE-2022-0847 (Dirty Pipe), CVE-2019-13272 (\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u043e\u0439 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0438 \u043d\u0430\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u044f \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439) \u0438 CVE-2021-3156 (\u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u043a\u0443\u0447\u0438 \u0432 \u0443\u0442\u0438\u043b\u0438\u0442\u0435\u00a0sudo).\n\n\u0412 \u043f\u0435\u0440\u0432\u043e\u043c \u043a\u0432\u0430\u0440\u0442\u0430\u043b\u0435 2025 \u0433\u043e\u0434\u0430 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0435 \u0441\u0438\u0441\u0442\u0435\u043c\u044b, \u043a\u0430\u043a \u0441\u0430\u043c\u043e\u0435 \u0441\u043b\u043e\u0436\u043d\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u0435, \u043f\u0440\u043e\u0434\u043e\u043b\u0436\u0430\u044e\u0442 \u043b\u0438\u0434\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u043f\u043e \u043a\u043e\u043b\u0438\u0447\u0435\u0441\u0442\u0432\u0443 \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u043d\u044b\u0445 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u043e\u0432.\n\n\u041a\u0440\u043e\u043c\u0435 \u0442\u043e\u0433\u043e, \u0444\u0438\u043a\u0441\u0438\u0440\u0443\u0435\u0442\u0441\u044f \u0441\u0442\u0430\u0431\u0438\u043b\u044c\u043d\u044b\u0439 \u0440\u043e\u0441\u0442 \u0447\u0438\u0441\u043b\u0430 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u043e\u0432 \u043a \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0430\u043c - \u044d\u0442\u0430 \u0442\u0435\u043d\u0434\u0435\u043d\u0446\u0438\u044f \u0441\u043e\u0445\u0440\u0430\u043d\u044f\u043b\u0430\u0441\u044c \u0438 \u043d\u0430 \u043f\u0440\u043e\u0442\u044f\u0436\u0435\u043d\u0438\u0438 \u0432\u0441\u0435\u0433\u043e \u043f\u0440\u043e\u0448\u043b\u043e\u0433\u043e \u0433\u043e\u0434\u0430.\n\n\u0422\u0430\u043a\u0436\u0435 \u0443\u0432\u0435\u043b\u0438\u0447\u0438\u043b\u0430\u0441\u044c \u0434\u043e\u043b\u044f \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u043e\u0432 \u043a \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044f\u043c \u0432 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u0430\u0445 Microsoft Office.\n\n\u0418\u0437\u0443\u0447\u0438\u0432 \u0434\u0430\u043d\u043d\u044b\u0435 \u043e\u0431 \u0430\u0442\u0430\u043a\u0430\u0445 APT, \u0432 \u041b\u041a \u0432\u044b\u0434\u0435\u043b\u0438\u043b\u0438 \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u0435 \u043d\u0430\u0438\u0431\u043e\u043b\u0435\u0435 \u0447\u0430\u0441\u0442\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0432\u0448\u0438\u0435\u0441\u044f \u0432 \u043f\u0435\u0440\u0432\u043e\u043c \u043a\u0432\u0430\u0440\u0442\u0430\u043b\u0435 2025 \u0433\u043e\u0434\u0430: CVE-2025-0282, CVE-2024-21887 \u0438 CVE-2025-0283 (Ivanti Connect Secure), CVE-2020-1472 (Netlogon Windows), CVE-2023-46805 (Ivanti ICS), CVE-2023-48788 (Fortinet) \u0438 \u0434\u0440.\n\n\u041e\u0442\u043c\u0435\u0442\u0438\u043c, \u0447\u0442\u043e \u0432 TOP 10 \u0432\u0435\u0440\u043d\u0443\u043b\u0430\u0441\u044c \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u0430\u044f \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c Zerologon, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u043b\u0435\u0440\u0443 \u0434\u043e\u043c\u0435\u043d\u0430.\n\n\u0412 \u043a\u0430\u0447\u0435\u0441\u0442\u0432\u0435 \u043d\u0430\u0438\u0431\u043e\u043b\u0435\u0435 \u0438\u043d\u0442\u0435\u0440\u0435\u0441\u043d\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0431\u044b\u043b\u0438 \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u044b \u0432 \u043f\u0435\u0440\u0432\u043e\u043c \u043a\u0432\u0430\u0440\u0442\u0430\u043b\u0435 2025 \u0433\u043e\u0434\u0430 \u0440\u0435\u0441\u0435\u0440\u0447\u0435\u0440\u044b \u041b\u041a \u0432\u044b\u0434\u0435\u043b\u0438\u043b\u0438: \n\n- ZDI-CAN-25373: \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0435\u043d\u0438\u044f \u043e\u0442\u043e\u0431\u0440\u0430\u0436\u0435\u043d\u0438\u044f \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u043e\u0432 lnk-\u0444\u0430\u0439\u043b\u043e\u0432 \u0432 \u041e\u0421 Windows;\n\n- CVE-2025-21333: \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u043a\u0443\u0447\u0435 \u0432 \u0434\u0440\u0430\u0439\u0432\u0435\u0440\u0435 vkrnlintvsp.sys;\n\n- CVE-2025-24071: \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0442\u0435\u0447\u043a\u0438 NetNTLM-\u0445\u044d\u0448\u0430 \u0432 \u0438\u043d\u0434\u0435\u043a\u0441\u0430\u0442\u043e\u0440\u0435 \u0444\u0430\u0439\u043b\u043e\u0432\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b.\n\n\u041f\u043e\u0434\u0440\u043e\u0431\u043d\u0430\u044f \u0441\u0442\u0430\u0442\u0438\u0441\u0442\u0438\u043a\u0430 \u0438 \u0438\u043d\u0444\u043e\u0433\u0440\u0430\u0444\u0438\u043a\u0430 - \u0432 \u043e\u0442\u0447\u0435\u0442\u0435.", "creation_timestamp": "2025-06-04T18:00:07.000000Z"}, {"uuid": "153cb10b-e7c2-42b0-9cdc-987380330219", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-48788", "type": "exploited", "source": "https://t.me/CyberBulletin/1793", "content": "\u26a1\ufe0fAttackers are exploiting Fortinet's CVE-2023-48788 (CVSS 9.3) to install remote desktop tools like AnyDesk and ScreenConnect.\n\n#CyberBulletin", "creation_timestamp": "2024-12-20T16:21:50.000000Z"}, {"uuid": "01423444-685a-4f54-a121-1dadd58ac62b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-48788", "type": "seen", "source": "https://t.me/kasperskylab_ru/5786", "content": "\u041a \u0447\u0435\u043c\u0443 \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043f\u0440\u0435\u043d\u0435\u0431\u0440\u0435\u0436\u0435\u043d\u0438\u0435 \u0441\u0432\u043e\u0435\u0432\u0440\u0435\u043c\u0435\u043d\u043d\u044b\u043c \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435\u043c \u043a\u043e\u0440\u043f\u043e\u0440\u0430\u0442\u0438\u0432\u043d\u044b\u0445 \u0437\u0430\u0449\u0438\u0442\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c?\n\n\u041d\u0430\u043f\u0440\u0438\u043c\u0435\u0440, \u043a \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 CVE-2023-48788 \u0432 \u0443\u0441\u0442\u0430\u0440\u0435\u0432\u0448\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438 FortiClient EMS. \u0417\u0430 \u0430\u043d\u0430\u043b\u0438\u0437 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430 \u0432\u0437\u044f\u043b\u0438\u0441\u044c \u043d\u0430\u0448\u0438 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0441\u0442\u044b \u0438\u0437 GERT \u0438 \u0432\u044b\u044f\u0432\u0438\u043b\u0438 \u0442\u0430\u043a\u0442\u0438\u043a\u0438, \u0442\u0435\u0445\u043d\u0438\u043a\u0438 \u0438 \u043f\u0440\u043e\u0446\u0435\u0434\u0443\u0440\u044b \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u043e\u0432, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0441\u0435\u0440\u0438\u044e \u043f\u043e\u0445\u043e\u0436\u0438\u0445 \u0430\u0442\u0430\u043a, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0449\u0438\u0445 \u0432\u0441\u0451 \u0442\u0443 \u0436\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c.\n\n\u041f\u043e\u0434\u0440\u043e\u0431\u043d\u0435\u0435 \u043e \u043d\u0430\u0445\u043e\u0434\u043a\u0430\u0445 \u044d\u043a\u0441\u043f\u0435\u0440\u0442\u043e\u0432 \u00ab\u041b\u0430\u0431\u043e\u0440\u0430\u0442\u043e\u0440\u0438\u0438 \u041a\u0430\u0441\u043f\u0435\u0440\u0441\u043a\u043e\u0433\u043e\u00bb \u2014 \u0432 \u043d\u0430\u0448\u0435\u0439 \u0441\u0442\u0430\u0442\u044c\u0435.", "creation_timestamp": "2025-01-15T08:11:16.000000Z"}, {"uuid": "f8dd8b69-f477-474d-92ff-7b48e024704c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-48788", "type": "exploited", "source": "https://t.me/kasperskyb2b/1561", "content": "\ud83e\udd76 \u0418\u043d\u0442\u0435\u0440\u0435\u0441\u043d\u044b\u0435 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u044f APT \u0438 \u0432\u0441\u0435 \u043e\u0442 \u041b\u0430\u0431\u043e\u0440\u0430\u0442\u043e\u0440\u0438\u0438 \u041a\u0430\u0441\u043f\u0435\u0440\u0441\u043a\u043e\u0433\u043e \u0438 \u043d\u043e\u0432\u043e\u0441\u0442\u0438 \u0418\u0411 \u0437\u0430 \u043d\u0435\u0434\u0435\u043b\u044e\n\n\u0414\u0435\u0442\u0430\u043b\u044c\u043d\u044b\u0439 \u0440\u0430\u0437\u0431\u043e\u0440 kill chain \u0445\u0430\u043a\u0442\u0438\u0432\u0438\u0441\u0442\u0441\u043a\u043e\u0439 \u0433\u0440\u0443\u043f\u043f\u044b Cyber Anarchy Squad, \u0441\u0438\u0441\u0442\u0435\u043c\u0430\u0442\u0438\u0447\u0435\u0441\u043a\u0438 \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0435\u0439 \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0438 \u0432 \u0420\u0424 \u0438 \u0420\u0411 \u0431\u0435\u0437 \u043e\u0433\u043b\u044f\u0434\u043a\u0438 \u043d\u0430 \u0438\u043d\u0434\u0443\u0441\u0442\u0440\u0438\u044e. \u041d\u0430\u0447\u0430\u043b\u044c\u043d\u043e\u0435 \u043f\u0440\u043e\u043d\u0438\u043a\u043d\u043e\u0432\u0435\u043d\u0438\u0435 \u0432\u0435\u0434\u0451\u0442\u0441\u044f \u0447\u0435\u0440\u0435\u0437 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 Jira, Confluence \u0438 MS SQL, \u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u0430\u0442\u0430\u043a \u0441\u043e\u0447\u0435\u0442\u0430\u044e\u0442 \u0448\u0438\u0444\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u044b, \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u044e \u0443\u043a\u0440\u0430\u0434\u0435\u043d\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 \u0438 \u0443\u043d\u0438\u0447\u0442\u043e\u0436\u0435\u043d\u0438\u0435 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438. \u0412 \u0430\u0442\u0430\u043a\u0430\u0445 \u043f\u0440\u0438\u043c\u0435\u043d\u044f\u044e\u0442\u0441\u044f \u043d\u0435\u043c\u043d\u043e\u0433\u043e \u044d\u043a\u0437\u043e\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0435 Revenge RAT \u0438 Spark RAT.\n\n\ud83d\ude36\u200d\ud83c\udf2b\ufe0f \u0417\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u044d\u0444\u0444\u0435\u043a\u0442\u0438\u0432\u043d\u043e \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u044e\u0442 CVE-2023-48788 \u0432 FortiClient EMS, \u0437\u0430\u043a\u0440\u044b\u0442\u0443\u044e \u0435\u0449\u0451 \u0432 \u0430\u043f\u0440\u0435\u043b\u0435. \u041f\u043e\u0441\u043b\u0435 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0440\u0430\u0437\u0432\u043e\u0440\u0430\u0447\u0438\u0432\u0430\u044e\u0442 ConnectWise \u0438 \u043d\u0430\u0447\u0438\u043d\u0430\u044e\u0442 \u0440\u0430\u0441\u0448\u0438\u0440\u044f\u0442\u044c \u043f\u0440\u0438\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u0435 \u0432 \u0441\u0435\u0442\u0438 \u2014 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u044b\u0439 \u0440\u0430\u0437\u0431\u043e\u0440 \u0430\u0442\u0430\u043a\u0438 \u0432 \u043d\u0430\u0448\u0435\u043c \u043f\u043e\u0441\u0442\u0435.\n\n\ud83d\udc7b \u0414\u0430\u0440\u043a\u043d\u0435\u0442-\u043f\u0440\u043e\u0433\u043d\u043e\u0437 \u043d\u0430 2025:  \u043c\u0438\u0433\u0440\u0430\u0446\u0438\u044f \u043e\u0431\u0440\u0430\u0442\u043d\u043e \u0432 \u0434\u0430\u0440\u043a\u0432\u0435\u0431 \u0438\u0437 Telegram, \u0444\u0440\u0430\u0433\u043c\u0435\u043d\u0442\u0430\u0446\u0438\u044f \u0431\u0430\u043d\u0434 \u0432\u044b\u043c\u043e\u0433\u0430\u0442\u0435\u043b\u0435\u0439 \u0438 \u043a\u0440\u0443\u043f\u043d\u044b\u0435 \u0430\u0442\u0430\u043a\u0438 \u043d\u0430 \u0446\u0435\u043f\u043e\u0447\u043a\u0443 \u043f\u043e\u0441\u0442\u0430\u0432\u043e\u043a.\n\n\u0410 \u0432 \u0430\u0442\u0430\u043a\u0430\u0445 APT Cloud Atlas, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043c\u0438\u043d\u0438\u043c\u0443\u043c \u0441 2014 \u0433\u043e\u0434\u0430 \u0448\u043f\u0438\u043e\u043d\u0438\u0442 \u0437\u0430 \u0433\u043e\u0441\u0443\u0434\u0430\u0440\u0441\u0442\u0432\u0435\u043d\u043d\u044b\u043c\u0438 \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u044f\u043c\u0438 \u0432 \u0420\u043e\u0441\u0441\u0438\u0438, \u0412\u043e\u0441\u0442\u043e\u0447\u043d\u043e\u0439 \u0415\u0432\u0440\u043e\u043f\u0435 \u0438 \u0410\u0437\u0438\u0438, \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d \u043d\u043e\u0432\u044b\u0439 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442 VBCloud. \u0426\u0435\u043b\u0435\u0432\u044b\u0435 \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u044f \u0432 \u0437\u0430\u0440\u0430\u0436\u0451\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u0435 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u044e\u0442\u0441\u044f \u0447\u0435\u0440\u0435\u0437 PowerShell, \u0430 \u0432 \u043a\u0430\u0447\u0435\u0441\u0442\u0432\u0435 \u04212 \u043f\u0440\u0438\u043c\u0435\u043d\u044f\u044e\u0442\u0441\u044f \u043e\u0431\u043b\u0430\u0447\u043d\u044b\u0435 \u0445\u0440\u0430\u043d\u0438\u043b\u0438\u0449\u0430.\n\n\ud83d\udc7d \u0412 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0438 DeathNote/DreamJob, \u043a\u043e\u0442\u043e\u0440\u0443\u044e \u0430\u0442\u0440\u0438\u0431\u0443\u0442\u0438\u0440\u0443\u044e\u0442 \u0433\u0440\u0443\u043f\u043f\u0438\u0440\u043e\u0432\u043a\u0435 Lazarus, \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u044b \u043d\u043e\u0432\u044b\u0435 \u043c\u0438\u0448\u0435\u043d\u0438 \u0438 \u043d\u043e\u0432\u044b\u0435 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u044b. \u0421\u0432\u0435\u0436\u0430\u044f \u0432\u043e\u043b\u043d\u0430 \u0430\u0442\u0430\u043a \u043d\u0430\u0446\u0435\u043b\u0435\u043d\u0430 \u043d\u0430 \u0430\u0442\u043e\u043c\u043d\u0443\u044e \u043f\u0440\u043e\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u043e\u0441\u0442\u044c, \u0430 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u0430\u0440\u0438\u0439 \u0430\u0442\u0430\u043a\u0438 \u043f\u043e\u043f\u043e\u043b\u043d\u0438\u043b\u0441\u044f \u0431\u044d\u043a\u0434\u043e\u0440\u043e\u043c CookiePlus, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0437\u0430\u043c\u0430\u0441\u043a\u0438\u0440\u043e\u0432\u0430\u043d \u043f\u043e\u0434 \u043f\u043b\u0430\u0433\u0438\u043d \u043a Notpad++.\n\n\ud83d\udc18 \u041d\u043e\u0432\u0430\u044f \u0441\u0445\u0435\u043c\u0430 \u0440\u0430\u0441\u043f\u0440\u043e\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f Android-\u0431\u0430\u043d\u043a\u0435\u0440\u0430 Mamont \u2014 \u0436\u0435\u0440\u0442\u0432\u0430\u043c \u043f\u0440\u0435\u0434\u043b\u0430\u0433\u0430\u044e\u0442 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u044c \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0435 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u043d\u0438\u044f \u0434\u043e\u0441\u0442\u0430\u0432\u043a\u0438 \u0441\u0432\u043e\u0435\u0439 \u043f\u043e\u043a\u0443\u043f\u043a\u0438 \u0438 \u043e\u043f\u043b\u0430\u0442\u044b \u043f\u043e\u0441\u043b\u0435 (!) \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u044f \u043f\u043e\u0441\u044b\u043b\u043a\u0438. \u041e\u0431\u0449\u0435\u043d\u0438\u0435 \u0441 \u0436\u0435\u0440\u0442\u0432\u0430\u043c\u0438 \u0432\u0435\u0434\u0451\u0442\u0441\u044f \u0432 Telegram.\n\n\u0410\u043d\u0430\u043b\u0438\u0437 \u044d\u0432\u043e\u043b\u044e\u0446\u0438\u0438 \u0438\u043c\u043f\u043b\u0430\u043d\u0442\u0430 BellaCiao, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0432\u0445\u043e\u0434\u0438\u0442 \u0432 \u0430\u0440\u0441\u0435\u043d\u0430\u043b APT Charming Kitten. \u0420\u0430\u043d\u0435\u0435 \u0431\u044b\u043b\u0438 \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u044b \u0432\u0435\u0440\u0441\u0438\u0438 \u043d\u0430 .Net, \u0430 \u0442\u0435\u043f\u0435\u0440\u044c \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u0430\u0440\u0438\u0439 \u043f\u043e\u043f\u043e\u043b\u043d\u0438\u043b\u0441\u044f \u0432\u0435\u0440\u0441\u0438\u0435\u0439 \u043d\u0430 C++. \u0411\u043b\u0430\u0433\u043e\u0434\u0430\u0440\u044f \u043e\u0442\u043b\u0430\u0434\u043e\u0447\u043d\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 PDB, \u043c\u043e\u0436\u043d\u043e \u0440\u0430\u0437\u043e\u0431\u0440\u0430\u0442\u044c\u0441\u044f \u0432 \u0432\u0435\u0440\u0441\u0438\u044f\u0445 \u0412\u041f\u041e, \u043e\u0441\u043e\u0431\u0435\u043d\u043d\u043e\u0441\u0442\u044f\u0445 \u043a\u043e\u043c\u043f\u0438\u043b\u044f\u0446\u0438\u0438 \u0438 \u0434\u0430\u0436\u0435 \u043f\u0440\u0435\u0434\u043f\u043e\u043b\u0430\u0433\u0430\u0435\u043c\u044b\u0445 \u043c\u0438\u0448\u0435\u043d\u044f\u0445 \u0430\u0442\u0430\u043a\u0438.\n\n\ud83c\udf1a \u0410\u0442\u0430\u043a\u0438 \u043d\u0430 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u043e\u0432 \u043c\u043d\u043e\u0436\u0430\u0442\u0441\u044f: \u0437\u0430 \u043d\u0435\u0434\u0435\u043b\u044e \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043e 18 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0445 \u0440\u0430\u0441\u0448\u0438\u0440\u0435\u043d\u0438\u0439 VSCode \u0438 9 \u0437\u043b\u043e\u0432\u0440\u0435\u0434\u043d\u044b\u0445 \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a \u0432 npm (1, 2). \n\n\u041e\u0431\u0437\u043e\u0440 \u0430\u0442\u0430\u043a watering hole, \u043d\u0430\u0446\u0435\u043b\u0435\u043d\u043d\u044b\u0445 \u043d\u0430 \u044f\u043f\u043e\u043d\u0441\u043a\u0438\u0435 \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0438.\n\n\u0420\u0430\u0437\u0431\u043e\u0440 \u043d\u043e\u0432\u044b\u0445 \u0432\u0435\u0440\u0441\u0438\u0439 \u0412\u041f\u041e \u0433\u0440\u0443\u043f\u043f\u044b Diicot, \u043d\u0430\u0446\u0435\u043b\u0435\u043d\u043d\u044b\u0445 \u043d\u0430 Linux-\u0441\u0438\u0441\u0442\u0435\u043c\u044b, \u043a\u0430\u043a \u0441\u0435\u0440\u0432\u0435\u0440\u043d\u044b\u0435, \u0442\u0430\u043a \u0438 \u0440\u0430\u0431\u043e\u0447\u0438\u0435 \u0441\u0442\u0430\u043d\u0446\u0438\u0438. \u041e\u0441\u043d\u043e\u0432\u043d\u044b\u043c \u0432\u0435\u043a\u0442\u043e\u0440\u043e\u043c \u0430\u0442\u0430\u043a\u0438 \u044f\u0432\u043b\u044f\u044e\u0442\u0441\u044f \u0441\u043b\u0430\u0431\u043e \u0437\u0430\u0449\u0438\u0449\u0451\u043d\u043d\u044b\u0435 \u0434\u043e\u0441\u0442\u0443\u043f\u044b \u043f\u043e SSH.  \n\n\ud83d\udd14 \u041c\u0430\u0441\u0448\u0442\u0430\u0431\u043d\u0430\u044f \u0444\u0438\u0448\u0438\u043d\u0433\u043e\u0432\u0430\u044f \u043a\u0430\u043c\u043f\u0430\u043d\u0438\u044f \u0437\u0430\u043f\u0443\u0449\u0435\u043d\u0430 \u0447\u0435\u0440\u0435\u0437 \u043e\u043f\u043e\u0432\u0435\u0449\u0435\u043d\u0438\u044f Google Calendar.\n\n#\u043d\u043e\u0432\u043e\u0441\u0442\u0438 #\u0434\u0430\u0439\u0434\u0436\u0435\u0441\u0442 #APT @\u041f2\u0422", "creation_timestamp": "2024-12-23T09:14:45.000000Z"}, {"uuid": "d03750ab-abf6-458e-8590-3a71600162d9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-48788", "type": "exploited", "source": "Telegram/Mngct84mCz7lSDx0uk4uMuQLf745FDPXeRIP1hndScImTw", "content": "", "creation_timestamp": "2024-03-26T07:20:50.000000Z"}, {"uuid": "38cedb77-9e20-4f0b-b59a-d25464d60db1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-48785", "type": "seen", "source": "https://t.me/cvedetector/20326", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2023-48785 - FortiNAC-F Certificate Validation Weakness\", \n  \"Content\": \"CVE ID : CVE-2023-48785 \nPublished : March 14, 2025, 4:15 p.m. | 1\u00a0hour, 19\u00a0minutes ago \nDescription : An improper certificate validation vulnerability [CWE-295] in FortiNAC-F version 7.2.4 and below may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the HTTPS communication channel between the FortiOS device, an inventory, and FortiNAC-F. \nSeverity: 4.8 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"14 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-14T19:13:26.000000Z"}, {"uuid": "0f364cf4-811d-4343-9306-c36576256b87", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-48788", "type": "exploited", "source": "https://t.me/HackingInsights/14002", "content": "\u200aCVE-2023-48788 Exploited: Researcher Details Cyberattacks on Fortinet EMS\n\nhttps://securityonline.info/cve-2023-48788-exploited-researcher-details-cyberattacks-on-fortinet-ems/", "creation_timestamp": "2024-09-22T17:57:05.000000Z"}, {"uuid": "3dbd5b76-652e-4c05-ad85-6d08d5adcce2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-48788", "type": "exploited", "source": "Telegram/qJDb0ndiLlSIpTwg0L8sGH2LZsU4iYvq1EkFABMG5KHwOA", "content": "", "creation_timestamp": "2024-04-17T15:35:56.000000Z"}, {"uuid": "9b286685-ca18-462a-9f43-4fc1c3078346", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-48788", "type": "exploited", "source": "https://t.me/CyberBulletin/680", "content": "\u26a1\ufe0fMedusa Exploits Fortinet Flaw (CVE-2023-48788) for Stealthy Ransomware Attacks.\n\n#CyberBulletin", "creation_timestamp": "2024-09-15T15:58:03.000000Z"}, {"uuid": "0c642b0d-f5ee-4649-bad2-763a13807dd7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-48788", "type": "published-proof-of-concept", "source": "https://t.me/Teamx1945x/6847", "content": "https://github.com/horizon3ai/CVE-2023-48788\n\nFortinet FortiClient EMS SQL Injection\n#github #poc", "creation_timestamp": "2024-06-08T00:09:11.000000Z"}, {"uuid": "7f113b4c-599e-4a15-b0b2-47790563b577", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-48788", "type": "published-proof-of-concept", "source": "Telegram/BFvgnSqbLR6b7c5-JIJtRp8CD5gMln4mDmDgZVmWMP9BZg", "content": "", "creation_timestamp": "2024-03-22T17:43:01.000000Z"}, {"uuid": "cfe51325-5bf8-437d-bc2e-0bb0dafd1243", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-48788", "type": "exploited", "source": "https://t.me/tengkorakcybercrewz/4411", "content": "The Hacker News\nCISA Alerts on Active Exploitation of Flaws in Fortinet, Ivanti, and Nice Products\n\nThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday placed three security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.\nThe vulnerabilities added are as follows -\n\nCVE-2023-48788 (CVSS score: 9.3) - Fortinet FortiClient EMS SQL Injection Vulnerability\nCVE-2021-44529 (CVSS score: 9.8) - Ivanti", "creation_timestamp": "2024-03-26T07:20:51.000000Z"}, {"uuid": "abdbbc5f-4f41-4bb8-828e-80b75f08705a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-48788", "type": "published-proof-of-concept", "source": "https://t.me/HackingInsights/1643", "content": "\u200aCVE-2023-48788: Revisiting Fortinet FortiClient EMS to Exploit 7.2.X\n\nhttps://www.horizon3.ai/attack-research/cve-2023-48788-revisiting-fortinet-forticlient-ems-to-exploit-7-2-x/", "creation_timestamp": "2024-06-05T11:43:02.000000Z"}, {"uuid": "00ba1b0f-c724-48a7-9738-4387f971f202", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-48788", "type": "seen", "source": "https://t.me/arpsyndicate/4732", "content": "#ExploitObserverAlert\n\nCVE-2023-48788\n\nDESCRIPTION: Exploit Observer has 78 entries in 9 file formats related to CVE-2023-48788. A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiClientEMS version 7.2.0 through 7.2.2, FortiClientEMS 7.0.1 through 7.0.10 allows attacker to execute unauthorized code or commands via specially crafted packets.\n\nFIRST-EPSS: 0.562220000\nNVD-IS: 5.9\nNVD-ES: 3.9\nARPS-PRIORITY: 0.9246164", "creation_timestamp": "2024-04-21T11:40:19.000000Z"}, {"uuid": "117e9d03-191a-4adc-8d8b-b3baa8a956bc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-48784", "type": "seen", "source": "https://t.me/arpsyndicate/4512", "content": "#ExploitObserverAlert\n\nCVE-2023-48784\n\nDESCRIPTION: Exploit Observer has 2 entries in 1 file formats related to CVE-2023-48784. A\u00a0use of externally-controlled format string vulnerability [CWE-134] in FortiOS version 7.4.1 and below, version 7.2.7 and below, version 7.0.14 and below, version 6.4.15 and below command line interface may allow a local\u00a0privileged attacker with super-admin profile and CLI access\u00a0to execute arbitrary code or commands via specially crafted requests.\n\nFIRST-EPSS: 0.000430000", "creation_timestamp": "2024-04-11T11:09:19.000000Z"}, {"uuid": "e561bcef-4c57-42c4-8ad9-19df50da32d2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-48788", "type": "exploited", "source": "Telegram/lvSx9mMlLtFKi8E1bKG9QE8-DBE32mfFsPXZxFV-Ra_jPg", "content": "", "creation_timestamp": "2024-03-26T07:53:45.000000Z"}, {"uuid": "9753a2fc-1ef1-421d-8f8d-105afabd1740", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-48788", "type": "seen", "source": "https://t.me/arpsyndicate/4196", "content": "#ExploitObserverAlert\n\nCVE-2023-48788\n\nDESCRIPTION: Exploit Observer has 3 entries in 1 file formats related to CVE-2023-48788. A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiClientEMS version 7.2.0 through 7.2.2, FortiClientEMS 7.0.1 through 7.0.10 allows attacker to execute unauthorized code or commands via specially crafted packets.", "creation_timestamp": "2024-03-13T22:21:33.000000Z"}, {"uuid": "dc922b17-8022-4f05-a75e-73734a51d182", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-48788", "type": "exploited", "source": "Telegram/Qq1z8SIBiJdzJR0ns7UYIFZz1uHaCQPHtXKa58GgkBBiEg", "content": "", "creation_timestamp": "2024-12-20T10:46:42.000000Z"}, {"uuid": "d4b8e0ba-3f6c-44b4-8bc5-e897dfa6991e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-48788", "type": "exploited", "source": "Telegram/HL6WBQu6yKKJ0t_mK9NqcbdpdoorpQpHkmF0yC1UVWXFrA", "content": "", "creation_timestamp": "2024-04-17T14:06:22.000000Z"}, {"uuid": "9cd880d6-fb73-4c79-ba46-6f7bcfb0e3dc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-48788", "type": "seen", "source": "https://t.me/true_secator/6473", "content": "\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0438\u0437 Trend Micro \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0438 \u043d\u043e\u0432\u044b\u0439 \u0431\u044d\u043a\u0434\u043e\u0440 GhostSpider, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0437\u0430\u0434\u0435\u0439\u0441\u0442\u0432\u043e\u0432\u0430\u043b\u0441\u044f Salt Typhoon (Earth Estries, GhostEmperor \u0438\u043b\u0438 UNC2286) \u0432 \u0430\u0442\u0430\u043a\u0430\u0445 \u043d\u0430 \u043f\u043e\u0441\u0442\u0430\u0432\u0449\u0438\u043a\u043e\u0432 \u0442\u0435\u043b\u0435\u043a\u043e\u043c\u043c\u0443\u043d\u0438\u043a\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0443\u0441\u043b\u0443\u0433.\n\n\u041f\u043e\u043c\u0438\u043c\u043e GhostSpider Salt Typhoon \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442 \u043d\u0430\u0431\u043e\u0440 \u0441\u043e\u0431\u0441\u0442\u0432\u0435\u043d\u043d\u044b\u0445 \u0438 \u0441\u0442\u0440\u043e\u0433\u0438\u0445 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u043e\u0432 \u0434\u043b\u044f \u0441\u043b\u043e\u0436\u043d\u044b\u0445 \u043c\u043d\u043e\u0433\u043e\u044d\u0442\u0430\u043f\u043d\u044b\u0445 \u0430\u0442\u0430\u043a: SNAPPYBEE (Deed RAT), SparrowDoor, CrowDoor \u0438 MASOL RAT \u0434\u043b\u044f Linux, \u0440\u0443\u0442\u043a\u0438\u0442 DEMODEX, ShadowPad, NeoReGeorg, frpc\u00a0\u0438 Cobalt Strike.\n\nSalt Typhoon - \u044d\u0442\u043e \u0441\u043b\u043e\u0436\u043d\u0430\u044f \u0445\u0430\u043a\u0435\u0440\u0441\u043a\u0430\u044f \u0433\u0440\u0443\u043f\u043f\u0430, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u0435\u0442 \u043a\u0430\u043a \u043c\u0438\u043d\u0438\u043c\u0443\u043c \u0441 2019 \u0433\u043e\u0434\u0430 \u0438 \u0442\u0430\u0440\u0433\u0435\u0442\u0438\u0440\u0443\u0435\u0442\u0441\u044f \u043d\u0430 \u0432\u0437\u043b\u043e\u043c\u0435 \u043f\u0440\u0430\u0432\u0438\u0442\u0435\u043b\u044c\u0441\u0442\u0432\u0435\u043d\u043d\u044b\u0445 \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0439 \u0438 \u0442\u0435\u043b\u0435\u043a\u043e\u043c\u043c\u0443\u043d\u0438\u043a\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0439, \u0441\u0440\u0435\u0434\u0438 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0438\u0445 \u0436\u0435\u0440\u0442\u0432 \u043a\u043e\u0442\u043e\u0440\u043e\u0439 Verizon, AT&T, Lumen Technologies \u0438\u00a0T-Mobile.\n\n\u0411\u043b\u0430\u0433\u043e\u0434\u0430\u0440\u044f \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0438\u043c \u0443\u0441\u043f\u0435\u0448\u043d\u044b\u043c \u0430\u0442\u0430\u043a\u0430\u043c, \u043a\u0430\u043a \u0441\u043e\u043e\u0431\u0449\u0430\u0435\u0442 Washington Post, Salt Typhoon \u0442\u0430\u043a\u0436\u0435 \u0443\u0434\u0430\u043b\u043e\u0441\u044c\u00a0\u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043f\u0440\u0438\u0432\u0430\u0442\u043d\u043e\u0439 \u043f\u0435\u0440\u0435\u043f\u0438\u0441\u043a\u0435\u00a0\u043a\u0430\u043a \u043c\u0438\u043d\u0438\u043c\u0443\u043c 150 \u0434\u043e\u043b\u0436\u043d\u043e\u0441\u0442\u043d\u044b\u0445 \u043b\u0438\u0446 \u0438\u0437 \u043f\u0440\u0430\u0432\u0438\u0442\u0435\u043b\u044c\u0441\u0442\u0432\u0430 \u0421\u0428\u0410 \u0438 \u043f\u043e\u0445\u0438\u0442\u0438\u0442\u044c \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0443\u044e \u0441 \u043f\u0440\u043e\u0441\u043b\u0443\u0448\u0438\u0432\u0430\u043d\u0438\u0435\u043c \u0442\u0435\u043b\u0435\u0444\u043e\u043d\u043d\u044b\u0445 \u0440\u0430\u0437\u0433\u043e\u0432\u043e\u0440\u043e\u0432.\n\n\u041f\u043e \u0434\u0430\u043d\u043d\u044b\u043c\u00a0Trend Micro, Salt Typhoon \u0430\u0442\u0430\u043a\u043e\u0432\u0430\u043b \u0442\u0435\u043b\u0435\u043a\u043e\u043c, \u0433\u043e\u0441\u0443\u0447\u0440\u0435\u0436\u0434\u0435\u043d\u0438\u044f, \u0442\u0435\u0445\u043d\u043e\u043b\u043e\u0433\u0438\u0447\u0435\u0441\u043a\u0438\u0435, \u043a\u043e\u043d\u0441\u0430\u043b\u0442\u0438\u043d\u0433\u043e\u0432\u044b\u0435, \u0445\u0438\u043c\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u0438 \u0442\u0440\u0430\u043d\u0441\u043f\u043e\u0440\u0442\u043d\u044b\u0435 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438 \u0432 \u0421\u0428\u0410, \u0410\u0437\u0438\u0430\u0442\u0441\u043a\u043e-\u0422\u0438\u0445\u043e\u043e\u043a\u0435\u0430\u043d\u0441\u043a\u043e\u043c \u0440\u0435\u0433\u0438\u043e\u043d\u0435, \u043d\u0430 \u0411\u043b\u0438\u0436\u043d\u0435\u043c \u0412\u043e\u0441\u0442\u043e\u043a\u0435, \u0432 \u042e\u0436\u043d\u043e\u0439 \u0410\u0444\u0440\u0438\u043a\u0435 \u0438 \u0434\u0440.\n\n\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u043f\u043e\u0434\u0442\u0432\u0435\u0440\u0434\u0438\u043b\u0438 \u043d\u0435 \u043c\u0435\u043d\u0435\u0435 \u0434\u0432\u0430\u0434\u0446\u0430\u0442\u0438 \u0441\u043b\u0443\u0447\u0430\u0435\u0432, \u043a\u043e\u0433\u0434\u0430 Salt Typhoon \u0443\u0441\u043f\u0435\u0448\u043d\u043e \u0441\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u043b \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438 \u0432\u0430\u0436\u043d\u044b\u0435 \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0438, \u0432\u043a\u043b\u044e\u0447\u0430\u044f, \u0432 \u043d\u0435\u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u0441\u043b\u0443\u0447\u0430\u044f\u0445, \u0438\u0445 \u043f\u043e\u0441\u0442\u0430\u0432\u0449\u0438\u043a\u043e\u0432.\n\n\u0412 \u043e\u0442\u0447\u0435\u0442\u0435 \u043e\u0441\u043e\u0431\u043e\u0435 \u0432\u043d\u0438\u043c\u0430\u043d\u0438\u0435 \u0443\u0434\u0435\u043b\u0435\u043d\u043e \u0434\u0432\u0443\u043c \u043a\u0430\u043c\u043f\u0430\u043d\u0438\u044f\u043c: \n- \u0410\u043b\u044c\u0444\u0430, \u043d\u0430\u0446\u0435\u043b\u0435\u043d\u043d\u043e\u0439 \u043d\u0430 \u0442\u0430\u0439\u0432\u0430\u043d\u044c\u0441\u043a\u043e\u0435 \u043f\u0440\u0430\u0432\u0438\u0442\u0435\u043b\u044c\u0441\u0442\u0432\u043e \u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u0439 \u0445\u0438\u043c\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u043f\u0440\u043e\u0434\u0443\u043a\u0446\u0438\u0438 \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c Demodex \u0438 SnappyBee,\n- \u0411\u0435\u0442\u0430 - \u0434\u043e\u043b\u0433\u043e\u0441\u0440\u043e\u0447\u043d\u044b\u0439 \u0448\u043f\u0438\u043e\u043d\u0430\u0436 \u043f\u0440\u043e\u0442\u0438\u0432 \u0442\u0435\u043b\u0435\u043a\u043e\u043c\u043c\u0443\u043d\u0438\u043a\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0438 \u043f\u0440\u0430\u0432\u0438\u0442\u0435\u043b\u044c\u0441\u0442\u0432\u0435\u043d\u043d\u044b\u0445 \u0441\u0435\u0442\u0435\u0439 \u042e\u0433\u043e-\u0412\u043e\u0441\u0442\u043e\u0447\u043d\u043e\u0439 \u0410\u0437\u0438\u0438 \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c GhostSpider \u0438 Demodex.\n\n\u041f\u0435\u0440\u0432\u043e\u043d\u0430\u0447\u0430\u043b\u044c\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u0434\u043e\u0441\u0442\u0438\u0433\u0430\u0435\u0442\u0441\u044f \u043f\u0443\u0442\u0435\u043c \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0445 \u043e\u0431\u0449\u0435\u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u0445 \u043a\u043e\u043d\u0435\u0447\u043d\u044b\u0445 \u0442\u043e\u0447\u0435\u043a \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c: CVE-2023-46805, CVE-2024-21887\u00a0(VPN-\u0441\u0435\u0440\u0432\u0438\u0441 Ivanti Connect), CVE-2023-48788 (FortiClient EMS), CVE-2022-3236 (\u0431\u0440\u0430\u043d\u0434\u043c\u0430\u0443\u044d\u0440 Sophos), CVE-2021-26855, CVE-2021-26857 - 26858, CVE-2021-27065 (ProxyLogon).\n\nSalt Typhoon \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u044b LOLbin \u0434\u043b\u044f \u0441\u0431\u043e\u0440\u0430 \u0440\u0430\u0437\u0432\u0435\u0434\u044b\u0432\u0430\u0442\u0435\u043b\u044c\u043d\u043e\u0439 \u0438 \u0433\u043e\u0440\u0438\u0437\u043e\u043d\u0442\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u043f\u0435\u0440\u0435\u043c\u0435\u0449\u0435\u043d\u0438\u044f \u043f\u043e \u0441\u0435\u0442\u0438 \u043d\u0430 \u044d\u0442\u0430\u043f\u0435 \u043f\u043e\u0441\u043b\u0435 \u0432\u0437\u043b\u043e\u043c\u0430.\n\n\u0412 \u0441\u0432\u043e\u044e \u043e\u0447\u0435\u0440\u0435\u0434\u044c, GhostSpider - \u044d\u0442\u043e \u043c\u043e\u0434\u0443\u043b\u044c\u043d\u044b\u0439 \u0431\u044d\u043a\u0434\u043e\u0440, \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0430\u043d\u043d\u044b\u0439 \u0434\u043b\u044f \u0434\u043e\u043b\u0433\u043e\u0441\u0440\u043e\u0447\u043d\u044b\u0445 \u0448\u043f\u0438\u043e\u043d\u0441\u043a\u0438\u0445 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0439, \u0442\u0440\u0435\u0431\u0443\u044e\u0449\u0438\u0445 \u0432\u044b\u0441\u043e\u043a\u043e\u0433\u043e \u0443\u0440\u043e\u0432\u043d\u044f \u0441\u043a\u0440\u044b\u0442\u043d\u043e\u0441\u0442\u0438, \u0434\u043e\u0441\u0442\u0438\u0433\u0430\u0435\u043c\u043e\u0433\u043e \u0437\u0430 \u0441\u0447\u0435\u0442 \u0448\u0438\u0444\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0438 \u0440\u0430\u0437\u043c\u0435\u0449\u0435\u043d\u0438\u044f \u0438\u0441\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e \u0432 \u043f\u0430\u043c\u044f\u0442\u0438.\n\n\u041e\u043d \u0437\u0430\u0433\u0440\u0443\u0436\u0430\u0435\u0442\u0441\u044f \u0432 \u0446\u0435\u043b\u0435\u0432\u0443\u044e \u0441\u0438\u0441\u0442\u0435\u043c\u0443 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u043f\u0435\u0440\u0435\u0445\u0432\u0430\u0442\u0430 DLL \u0438 \u0440\u0435\u0433\u0438\u0441\u0442\u0440\u0438\u0440\u0443\u0435\u0442\u0441\u044f \u043a\u0430\u043a \u0441\u043b\u0443\u0436\u0431\u0430 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u043b\u0435\u0433\u0438\u0442\u0438\u043c\u043d\u043e\u0433\u043e \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u0430 regsvr32.exe, \u0432 \u0442\u043e \u0432\u0440\u0435\u043c\u044f \u043a\u0430\u043a \u0432\u0442\u043e\u0440\u0438\u0447\u043d\u044b\u0439 \u043c\u043e\u0434\u0443\u043b\u044c, \u0437\u0430\u0433\u0440\u0443\u0437\u0447\u0438\u043a \u043c\u0430\u044f\u043a\u043e\u0432, \u0437\u0430\u0433\u0440\u0443\u0436\u0430\u0435\u0442 \u0437\u0430\u0448\u0438\u0444\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u043f\u043e\u043b\u0435\u0437\u043d\u044b\u0435 \u0434\u0430\u043d\u043d\u044b\u0435 \u043d\u0435\u043f\u043e\u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0435\u043d\u043d\u043e \u0432 \u043f\u0430\u043c\u044f\u0442\u044c.\n\nGhostSpider \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0435\u0442 \u043a\u043e\u043c\u0430\u043d\u0434\u044b, \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u043d\u044b\u0435 \u043e\u0442 \u0441\u0435\u0440\u0432\u0435\u0440\u0430 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0438 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044f (C2), \u0441\u043a\u0440\u044b\u0442\u044b\u0435 \u0432 \u0437\u0430\u0433\u043e\u043b\u043e\u0432\u043a\u0430\u0445 HTTP \u0438\u043b\u0438 \u0444\u0430\u0439\u043b\u0430\u0445 cookie, \u0447\u0442\u043e\u0431\u044b \u0441\u043c\u0435\u0448\u0438\u0432\u0430\u0442\u044c\u0441\u044f \u0441 \u043b\u0435\u0433\u0438\u0442\u0438\u043c\u043d\u044b\u043c \u0442\u0440\u0430\u0444\u0438\u043a\u043e\u043c. \u0421\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430 \u043a\u043e\u043c\u0430\u043d\u0434 \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0438\u0432\u0430\u0435\u0442 \u0431\u044d\u043a\u0434\u043e\u0440\u0443 \u0443\u043d\u0438\u0432\u0435\u0440\u0441\u0430\u043b\u044c\u043d\u043e\u0441\u0442\u044c \u0438 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043e\u043f\u0435\u0440\u0430\u0442\u0438\u0432\u043d\u043e \u043a\u043e\u0440\u0440\u0435\u043a\u0442\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0430\u0442\u0430\u043a\u0443.\n\n\u0412 \u0446\u0435\u043b\u043e\u043c, \u0430\u0440\u0441\u0435\u043d\u0430\u043b Salt Typhoon \u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e \u043e\u0431\u0448\u0438\u0440\u0435\u043d \u0438 \u0445\u0430\u0440\u0430\u043a\u0442\u0435\u0440\u0438\u0437\u0443\u0435\u0442 \u0435\u0435 \u043a\u0430\u043a \u043e\u0434\u043d\u0443 \u0438\u0437 \u0441\u0430\u043c\u044b\u0445 \u0430\u0433\u0440\u0435\u0441\u0441\u0438\u0432\u043d\u044b\u0445 \u043a\u0438\u0442\u0430\u0439\u0441\u043a\u0438\u0445 APT.", "creation_timestamp": "2024-11-26T13:40:05.000000Z"}, {"uuid": "0258c93e-91e5-4491-bf67-50a5eaa3305f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-48788", "type": "exploited", "source": "https://t.me/KomunitiSiber/1798", "content": "Hackers Exploit Fortinet Flaw, Deploy ScreenConnect, Metasploit in New Campaign\nhttps://thehackernews.com/2024/04/hackers-exploit-fortinet-flaw-deploy.html\n\nCybersecurity researchers have discovered a new campaign that's exploiting a recently disclosed security flaw in Fortinet FortiClient EMS devices to deliver ScreenConnect and Metasploit Powerfun payloads.\nThe activity entails the exploitation of\u00a0CVE-2023-48788\u00a0(CVSS score: 9.3), a critical SQL injection flaw that could permit an unauthenticated attacker to execute unauthorized code or", "creation_timestamp": "2024-04-17T14:29:08.000000Z"}, {"uuid": "3d12d655-6c8b-46dd-8868-93b654c1feb8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-48788", "type": "exploited", "source": "https://t.me/KomunitiSiber/1688", "content": "CISA Alerts on Active Exploitation of Flaws in Fortinet, Ivanti, and Nice Products\nhttps://thehackernews.com/2024/03/cisa-alerts-on-active-exploitation-of.html\n\nThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday\u00a0placed\u00a0three security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.\nThe vulnerabilities added are as follows -\n\nCVE-2023-48788\u00a0(CVSS score: 9.3) - Fortinet FortiClient EMS SQL Injection Vulnerability\nCVE-2021-44529\u00a0(CVSS score: 9.8) - Ivanti", "creation_timestamp": "2024-03-26T07:46:39.000000Z"}, {"uuid": "44323d9c-6523-41d9-9fdc-f77b31c802ae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-48788", "type": "exploited", "source": "https://t.me/tengkorakcybercrewz/1086", "content": "The Hacker News\nHackers Exploit Fortinet Flaw, Deploy ScreenConnect, Metasploit in New Campaign\n\nCybersecurity researchers have discovered a new campaign that's exploiting a recently disclosed security flaw in Fortinet FortiClient EMS devices to deliver ScreenConnect and Metasploit Powerfun payloads.\nThe activity entails the exploitation of CVE-2023-48788 (CVSS score: 9.3), a critical SQL injection flaw that could permit an unauthenticated attacker to execute unauthorized code or", "creation_timestamp": "2024-04-17T15:35:57.000000Z"}, {"uuid": "b6dc40a0-8e53-4529-8b76-693051224efa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-48788", "type": "exploited", "source": "https://t.me/tengkorakcybercrewz/816", "content": "The Hacker News\nCISA Alerts on Active Exploitation of Flaws in Fortinet, Ivanti, and Nice Products\n\nThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday placed three security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.\nThe vulnerabilities added are as follows -\n\nCVE-2023-48788 (CVSS score: 9.3) - Fortinet FortiClient EMS SQL Injection Vulnerability\nCVE-2021-44529 (CVSS score: 9.8) - Ivanti", "creation_timestamp": "2024-03-26T07:20:51.000000Z"}, {"uuid": "95334976-6386-42ab-8f3e-e25b00d3974f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-48788", "type": "published-proof-of-concept", "source": "Telegram/9oLnCvL8Tq2XNT-mEnvvp0lfwtvPeNeqjPO-qE7TAu5Ljrw", "content": "", "creation_timestamp": "2024-05-14T10:48:05.000000Z"}, {"uuid": "f4f02621-3759-4ed1-91b0-3f4102617033", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-48788", "type": "seen", "source": "https://t.me/true_secator/6855", "content": "\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0438\u0437 \u041b\u0430\u0431\u043e\u0440\u0430\u0442\u043e\u0440\u0438\u0438 \u041a\u0430\u0441\u043f\u0435\u0440\u0441\u043a\u043e\u0433\u043e \u0432\u044b\u043a\u0430\u0442\u0438\u043b\u0438 \u0430\u043d\u0430\u043b\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u043e\u0442\u0447\u0435\u0442 \u043f\u043e \u0440\u0435\u0430\u0433\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044e \u043d\u0430 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u044b \u0437\u0430 2024 \u0433\u043e\u0434.\n\n\u0412 \u043d\u0435\u043c \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u0435\u043d\u044b \u0430\u043d\u043e\u043d\u0438\u043c\u0438\u0437\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u0434\u0430\u043d\u043d\u044b\u0435 \u043f\u043e \u0440\u0430\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u044f\u043c, \u043f\u0440\u043e\u0432\u0435\u0434\u0435\u043d\u043d\u044b\u043c \u043a\u043e\u043c\u0430\u043d\u0434\u043e\u0439 GERT, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0441\u0442\u0430\u0442\u0438\u0441\u0442\u0438\u043a\u0430 \u0438 \u043e\u0441\u043d\u043e\u0432\u043d\u044b\u0435 \u0442\u0435\u043d\u0434\u0435\u043d\u0446\u0438\u0438 \u043f\u043e \u0446\u0435\u043b\u0435\u0432\u044b\u043c \u0430\u0442\u0430\u043a\u0430\u043c, ransomware \u0438 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u0430\u043c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u043e\u0432, \u0437\u0430\u043c\u0435\u0447\u0435\u043d\u043d\u044b\u043c \u0432 \u0442\u0435\u0447\u0435\u043d\u0438\u0435 \u0433\u043e\u0434\u0430 \u0432 \u0440\u0435\u0430\u043b\u044c\u043d\u044b\u0445 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u0445.\n\n\u0412 2024 \u0433\u043e\u0434\u0443 \u043e\u0442\u043c\u0435\u0442\u0438\u043b\u0441\u044f \u0440\u043e\u0441\u0442 \u0434\u043e\u043b\u0438 \u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432 \u0432 \u043e\u0442\u043d\u043e\u0448\u0435\u043d\u0438\u0438 \u0440\u0435\u0430\u0433\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u043d\u0430 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u044b \u0432 \u0431\u043e\u043b\u044c\u0448\u0438\u043d\u0441\u0442\u0432\u0435 \u0440\u0435\u0433\u0438\u043e\u043d\u043e\u0432, \u043f\u0440\u0438 \u044d\u0442\u043e\u043c \u0431\u043e\u043b\u044c\u0448\u0430\u044f \u0447\u0430\u0441\u0442\u044c \u0440\u0430\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u0439 \u043f\u0440\u043e\u0432\u043e\u0434\u0438\u043b\u0430\u0441\u044c \u0432 \u0441\u0442\u0440\u0430\u043d\u0430\u0445 \u0421\u041d\u0413 (50,6%), \u043d\u0430 \u0411\u043b\u0438\u0436\u043d\u0435\u043c \u0412\u043e\u0441\u0442\u043e\u043a\u0435 (15,7%) \u0438 \u0432 \u0415\u0432\u0440\u043e\u043f\u0435 (10,8%).\n\n\u0420\u0430\u0441\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u0438\u0435 IR-\u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432 \u043f\u043e \u043e\u0442\u0440\u0430\u0441\u043b\u044f\u043c \u0441\u043e\u043e\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u043e\u0432\u0430\u043b\u043e \u0434\u0438\u043d\u0430\u043c\u0438\u043a\u0435 2023 \u0433\u043e\u0434\u0430, \u0441\u043e\u0445\u0440\u0430\u043d\u0438\u0432 \u0432 \u0442\u0440\u043e\u0439\u043a\u0435 \u043b\u0438\u0434\u0435\u0440\u043e\u0432 \u043f\u0440\u043e\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u044b\u0435 (23,5%), \u0433\u043e\u0441\u0443\u0434\u0430\u0440\u0441\u0442\u0432\u0435\u043d\u043d\u044b\u0435 (16,3%) \u0438 \u0444\u0438\u043d\u0430\u043d\u0441\u043e\u0432\u044b\u0435 (13,3%) \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0438.\n\n\u041e\u0434\u043d\u0430\u043a\u043e \u0432 \u044d\u0442\u043e\u043c \u0433\u043e\u0434\u0443 \u0431\u043e\u043b\u044c\u0448\u0438\u0430\u044f \u0447\u0430\u0441\u0442\u044c \u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432 \u043f\u043e\u0441\u0442\u0443\u043f\u0438\u043b\u0430 \u043e\u0442 \u043f\u0440\u043e\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u044b\u0445 \u043f\u0440\u0435\u0434\u043f\u0440\u0438\u044f\u0442\u0438\u0439, \u0442\u043e\u0433\u0434\u0430 \u043a\u0430\u043a \u0433\u043e\u0441\u0443\u0447\u0440\u0435\u0436\u0434\u0435\u043d\u0438\u044f \u043f\u043e\u0434\u0432\u0435\u0440\u0433\u0430\u043b\u0438\u0441\u044c \u0430\u0442\u0430\u043a\u0430\u043c \u0440\u0435\u0436\u0435, \u0447\u0435\u043c \u0433\u043e\u0434\u043e\u043c \u0440\u0430\u043d\u0435\u0435.\n\n\u041a\u0440\u043e\u043c\u0435 \u0442\u043e\u0433\u043e, \u043d\u0430\u0431\u043b\u044e\u0434\u0430\u0435\u0442\u0441\u044f \u0442\u0435\u043d\u0434\u0435\u043d\u0446\u0438\u044f \u043a \u0440\u043e\u0441\u0442\u0443 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u043e\u0432, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u044b\u0445 \u0441 \u0442\u0440\u0430\u043d\u0441\u043f\u043e\u0440\u0442\u043d\u043e\u0439 \u043e\u0442\u0440\u0430\u0441\u043b\u044c\u044e - \u043a\u043e\u043b\u0438\u0447\u0435\u0441\u0442\u0432\u043e \u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432 \u043d\u0430 IR-\u0443\u0441\u043b\u0443\u0433\u0438 \u0441 2023 \u0433\u043e\u0434\u0430 \u0432\u044b\u0440\u043e\u0441\u043b\u043e \u0432\u0434\u0432\u043e\u0435.\n\n\u0412 2024 \u0433\u043e\u0434\u0443 \u0447\u0438\u0441\u043b\u043e \u0430\u0442\u0430\u043a \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c ransomware \u0443\u0432\u0435\u043b\u0438\u0447\u0438\u043b\u043e\u0441\u044c \u043d\u0430 8,3 \u043f\u0443\u043d\u043a\u0442\u043e\u0432 \u043f\u043e \u0441\u0440\u0430\u0432\u043d\u0435\u043d\u0438\u044e \u0441 \u043f\u043e\u043a\u0430\u0437\u0430\u0442\u0435\u043b\u044f\u043c\u0438 2023 \u0433\u043e\u0434\u0430 \u0438 \u0441\u043e\u0441\u0442\u0430\u0432\u0438\u043b\u043e 41,6% \u043e\u0442 \u043e\u0431\u0449\u0435\u0433\u043e \u0447\u0438\u0441\u043b\u0430 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u043e\u0432.\n\n\u042d\u043a\u0441\u043f\u0435\u0440\u0442\u044b \u043f\u0440\u043e\u0433\u043d\u043e\u0437\u0438\u0440\u0443\u044e\u0442, \u0447\u0442\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u044b-\u0432\u044b\u043c\u043e\u0433\u0430\u0442\u0435\u043b\u0438 \u043e\u0441\u0442\u0430\u043d\u0443\u0442\u0441\u044f \u043e\u0441\u043d\u043e\u0432\u043d\u043e\u0439 \u0443\u0433\u0440\u043e\u0437\u043e\u0439 \u0434\u043b\u044f \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0439 \u043f\u043e \u0432\u0441\u0435\u043c\u0443 \u043c\u0438\u0440\u0443 \u0438 \u0432 \u0442\u0435\u043a\u0443\u0449\u0435\u043c \u0433\u043e\u0434\u0443, \u043f\u0440\u043e\u0434\u043e\u043b\u0436\u0430\u044f \u0442\u0435\u043d\u0434\u0435\u043d\u0446\u0438\u044e \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0438\u0445 \u043b\u0435\u0442, \u043f\u043e\u0441\u043a\u043e\u043b\u044c\u043a\u0443 \u044d\u0442\u0430 \u0443\u0433\u0440\u043e\u0437\u0430 \u0437\u0430\u043d\u0438\u043c\u0430\u0435\u0442 \u043b\u0438\u0434\u0438\u0440\u0443\u044e\u0449\u0438\u0435 \u043f\u043e\u0437\u0438\u0446\u0438\u0438 \u0441\u0440\u0435\u0434\u0438 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u043e\u0432 \u0432 \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u044f\u0445.\n\n\u0412 \u0431\u043e\u043b\u044c\u0448\u0438\u043d\u0441\u0442\u0432\u0435 \u0441\u043b\u0443\u0447\u0430\u0435\u0432 \u0437\u0430\u0440\u0430\u0436\u0435\u043d\u0438\u0439 \u0432\u0441\u0442\u0440\u0435\u0447\u0430\u043b\u0438\u0441\u044c \u043e\u0431\u0440\u0430\u0437\u0446\u044b \u0441\u0435\u043c\u0435\u0439\u0441\u0442\u0432\u0430 LockBit\u00a0(43,6%), \u0437\u0430 \u043a\u043e\u0442\u043e\u0440\u044b\u043c\u0438 \u0441\u043b\u0435\u0434\u0443\u044e\u0442\u00a0Babuk\u00a0(9,1%) \u0438 Phobos (5,5%). \u0412\u044b\u044f\u0432\u043b\u0435\u043d\u044b \u0438 \u043d\u043e\u0432\u044b\u0435 \u0441\u0435\u043c\u0435\u0439\u0441\u0442\u0432\u0430 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c-\u0432\u044b\u043c\u043e\u0433\u0430\u0442\u0435\u043b\u0435\u0439, \u0442\u0430\u043a\u0438\u0435 \u043a\u0430\u043a\u00a0ShrinkLocker\u00a0\u0438\u00a0Ymir.\n\n\u0412 \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u0435 \u0440\u0430\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u0439 \u044d\u043a\u0441\u043f\u0435\u0440\u0442\u044b GERT \u0442\u0430\u043a\u0436\u0435 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0438 \u043f\u0440\u0438\u043c\u0435\u0447\u0430\u0442\u0435\u043b\u044c\u043d\u044b\u0435 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0435 \u043a\u0430\u043c\u043f\u0430\u043d\u0438\u0438, \u0442\u0430\u043a\u0438\u0435 \u043a\u0430\u043a\u00a0Tusk, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0440\u044f\u0434 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u043e\u0432\u00a0\u0441 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0435\u0439 CVE-2023-48788.\n\n\u0415\u0449\u0435 \u043e\u0434\u043d\u043e\u0439 \u0442\u0440\u0435\u0432\u043e\u0436\u043d\u043e\u0439 \u0442\u0435\u043d\u0434\u0435\u043d\u0446\u0438\u0435\u0439, \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u043d\u043e\u0439 \u0432 \u0440\u0435\u0430\u043b\u044c\u043d\u044b\u0445 \u043a\u0435\u0439\u0441\u0430\u0445 \u0440\u0435\u0430\u0433\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u043d\u0430 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u044b, \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u0431\u043e\u043b\u0435\u0435 \u0448\u0438\u0440\u043e\u043a\u043e\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0442\u0430\u043a\u0438\u0445 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u043e\u0432, \u043a\u0430\u043a Mimikatz (21,8%) \u0438 PsExec (20,0%) \u043d\u0430 \u044d\u0442\u0430\u043f\u0435 \u043f\u043e\u0441\u0442\u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0434\u043b\u044f \u0438\u0437\u0432\u043b\u0435\u0447\u0435\u043d\u0438\u044f \u043f\u0430\u0440\u043e\u043b\u0435\u0439 \u0438 \u0431\u043e\u043a\u043e\u0432\u043e\u0433\u043e \u043f\u0435\u0440\u0435\u043c\u0435\u0449\u0435\u043d\u0438\u044f.\n\n\u041e\u0442\u0434\u0435\u043b\u044c\u043d\u043e \u0432 \u041b\u041a \u043e\u0442\u043c\u0435\u0447\u0430\u044e\u0442 \u0443\u0441\u0438\u043b\u0438\u0432\u0430\u044e\u0449\u0443\u044e\u0441\u044f \u0442\u0435\u043d\u0434\u0435\u043d\u0446\u0438\u044e, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0443\u044e \u0441 \u0442\u0435\u043c, \u0447\u0442\u043e \u0443\u0442\u0435\u0447\u043a\u0438 \u0434\u0430\u043d\u043d\u044b\u0445 \u0442\u0435\u043f\u0435\u0440\u044c \u043d\u0430 \u0432\u0442\u043e\u0440\u043e\u043c \u043c\u0435\u0441\u0442\u0435 \u043f\u043e \u0447\u0430\u0441\u0442\u043e\u0442\u0435 IR-\u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432 (\u0432 16,9% \u0432\u0441\u0435\u0445 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u043e\u0432), \u0447\u0442\u043e \u043a\u043e\u0440\u0440\u0435\u043b\u0438\u0440\u0443\u0435\u0442 \u0441 \u043f\u0440\u0435\u0434\u043f\u043e\u043b\u043e\u0436\u0435\u043d\u0438\u044f\u043c\u0438 \u041b\u041a \u043e\u0442\u043d\u043e\u0441\u0438\u0442\u0435\u043b\u044c\u043d\u043e \u0442\u0435\u043d\u0434\u0435\u043d\u0446\u0438\u0439 \u0432 \u043c\u0435\u0442\u043e\u0434\u0430\u0445 \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0443\u0447\u0435\u0442\u043d\u044b\u043c \u0434\u0430\u043d\u043d\u044b\u043c.\n\n\u041f\u043e\u043b\u043d\u0430\u044f \u0432\u0435\u0440\u0441\u0438\u044f \u043e\u0442\u0447\u0435\u0442\u0430\u00a0\u0434\u043e\u0441\u0442\u0443\u043f\u043d\u0430 \u0437\u0434\u0435\u0441\u044c \u0438 \u0441\u043e\u0434\u0435\u0440\u0436\u0438\u0442 \u0434\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u0443\u044e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e \u043e \u0440\u0435\u0430\u043b\u044c\u043d\u044b\u0445 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u0445, \u0432\u043a\u043b\u044e\u0447\u0430\u044f \u043d\u043e\u0432\u044b\u0435 \u0443\u0433\u0440\u043e\u0437\u044b, \u0430 \u0442\u0430\u043a\u0436\u0435 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u044b\u043c \u0440\u0430\u0437\u0431\u043e\u0440\u043e\u043c \u0434\u0435\u044f\u0442\u0435\u043b\u044c\u043d\u043e\u0441\u0442\u0438 APT \u0438 \u0441\u0442\u0430\u0442\u0438\u0441\u0442\u0438\u043a\u043e\u0439 \u043f\u043e \u043d\u0430\u0438\u0431\u043e\u043b\u0435\u0435 \u0430\u043a\u0442\u0438\u0432\u043d\u044b\u043c \u0433\u0440\u0443\u043f\u043f\u0430\u043c.", "creation_timestamp": "2025-03-19T13:00:07.000000Z"}, {"uuid": "19cbac6d-d73a-4a4c-9d64-e7a271fa946b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-48788", "type": "exploited", "source": "https://t.me/true_secator/6580", "content": "\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0438\u0437 \u041b\u0430\u0431\u043e\u0440\u0430\u0442\u043e\u0440\u0438\u0438 \u041a\u0430\u0441\u043f\u0435\u0440\u0441\u043a\u043e\u0433\u043e \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0436\u0434\u0430\u044e\u0442 \u043e\u0431 \u0430\u0442\u0430\u043a\u0430\u0445, \u043d\u0430\u0446\u0435\u043b\u0435\u043d\u043d\u044b\u0445 \u043d\u0430 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u0443\u044e \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0443\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c Fortinet FortiClient EMS \u0434\u043b\u044f \u0440\u0430\u0437\u0432\u0435\u0440\u0442\u044b\u0432\u0430\u043d\u0438\u044f \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u043e\u0432 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430, \u0432\u043a\u043b\u044e\u0447\u0430\u044f AnyDesk \u0438 ScreenConnect.\n\n\u0420\u0435\u0447\u044c \u0438\u0434\u0435\u0442 \u043e\u00a0CVE-2023-48788\u00a0(CVSS: 9,3), \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 \u0441\u043e\u0431\u043e\u0439 \u043e\u0448\u0438\u0431\u043a\u0443 SQL-\u0438\u043d\u044a\u0435\u043a\u0446\u0438\u0438 \u0438 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 Fortinet FortiClient EMS \u0432\u0435\u0440\u0441\u0438\u0439 7.0.1\u20137.0.10 \u0438 7.2.0\u20137.2.2.\n\n\u041f\u0440\u0438 \u0443\u0441\u043f\u0435\u0448\u043d\u043e\u0439 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u044d\u0442\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u043a\u043e\u0434 \u0438\u043b\u0438 \u043a\u043e\u043c\u0430\u043d\u0434\u044b, \u043e\u0442\u043f\u0440\u0430\u0432\u043b\u044f\u044f \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u044b\u0435 \u043f\u0430\u043a\u0435\u0442\u044b \u0434\u0430\u043d\u043d\u044b\u0445.\n\n\u041a\u0430\u043a \u043e\u0442\u043c\u0435\u0447\u0430\u044e\u0442 \u0432 \u041b\u041a, \u0430\u0442\u0430\u043a\u0430 \u0431\u044b\u043b\u0430 \u0440\u0435\u0430\u043b\u0438\u0437\u043e\u0432\u0430\u043d\u0430 \u0432 \u043e\u043a\u0442\u044f\u0431\u0440\u0435 2024 \u0433\u043e\u0434\u0430 \u0438 \u043d\u0430\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0430 \u043d\u0430 \u0441\u0435\u0440\u0432\u0435\u0440 Windows \u043d\u0435\u043d\u0430\u0437\u0432\u0430\u043d\u043d\u043e\u0439 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0431\u044b\u043b \u0434\u043e\u0441\u0442\u0443\u043f\u0435\u043d \u0432 \u0441\u0435\u0442\u0438 \u0438 \u0438\u043c\u0435\u043b \u0434\u0432\u0430 \u043e\u0442\u043a\u0440\u044b\u0442\u044b\u0445 \u043f\u043e\u0440\u0442\u0430, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u044b\u0445 \u0441 FortiClient EMS.\n\n\u0414\u0430\u043b\u044c\u043d\u0435\u0439\u0448\u0438\u0439 \u0430\u043d\u0430\u043b\u0438\u0437 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430 \u043f\u043e\u043a\u0430\u0437\u0430\u043b, \u0447\u0442\u043e \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2023-48788 \u0432 \u043a\u0430\u0447\u0435\u0441\u0442\u0432\u0435 \u043f\u0435\u0440\u0432\u043e\u043d\u0430\u0447\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u0432\u0435\u043a\u0442\u043e\u0440\u0430 \u0434\u043e\u0441\u0442\u0443\u043f\u0430, \u0430 \u0437\u0430\u0442\u0435\u043c \u0437\u0430\u043f\u0443\u0441\u0442\u0438\u043b\u0438 \u0438\u0441\u043f\u043e\u043b\u043d\u044f\u0435\u043c\u044b\u0439 \u0444\u0430\u0439\u043b ScreenConnect \u0434\u043b\u044f \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u044f \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0441\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u043c\u0443 \u0445\u043e\u0441\u0442\u0443.\n\n\u041f\u043e\u0441\u043b\u0435 \u043f\u0435\u0440\u0432\u043e\u043d\u0430\u0447\u0430\u043b\u044c\u043d\u043e\u0439 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0438 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043f\u0440\u0438\u0441\u0442\u0443\u043f\u0430\u043b\u0438 \u043a \u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0435 \u0434\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0445 \u043f\u043e\u043b\u0435\u0437\u043d\u044b\u0445 \u043d\u0430\u0433\u0440\u0443\u0437\u043a\u043e\u043a \u0432 \u0441\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u0443\u044e \u0441\u0438\u0441\u0442\u0435\u043c\u0443 \u0434\u043b\u044f \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0433\u043e\u0440\u0438\u0437\u043e\u043d\u0442\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u043f\u0435\u0440\u0435\u043c\u0435\u0449\u0435\u043d\u0438\u044f, \u0441\u043a\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0441\u0435\u0442\u0435\u0432\u044b\u0445 \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u0432, \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u044f \u0443\u0447\u0435\u0442\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445, \u043e\u0431\u0445\u043e\u0434\u0430 \u0437\u0430\u0449\u0438\u0442\u044b \u0438 \u0434\u043e\u0441\u0442\u0438\u0436\u0435\u043d\u0438\u044f \u0443\u0441\u0442\u043e\u0439\u0447\u0438\u0432\u043e\u0441\u0442\u0438 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u0430 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f AnyDesk.\n\n\u0421\u0440\u0435\u0434\u0438 \u043d\u0435\u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u0434\u0440\u0443\u0433\u0438\u0445 \u043f\u0440\u0438\u043c\u0435\u0447\u0430\u0442\u0435\u043b\u044c\u043d\u044b\u0445 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u043e\u0432, \u0437\u0430\u043c\u0435\u0447\u0435\u043d\u043d\u044b\u0445 \u0432 \u0445\u043e\u0434\u0435 \u0430\u0442\u0430\u043a\u0438: webbrowserpassview.exe (\u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442 \u0434\u043b\u044f \u0438\u0437\u0432\u043b\u0435\u0447\u0435\u043d\u0438\u044f \u043f\u0430\u0440\u043e\u043b\u0435\u0439 \u0438\u0437 Internet Explorer (\u0432\u0435\u0440\u0441\u0438\u0438 4.0\u201311.0), Mozilla Firefox (\u0432\u0441\u0435 \u0432\u0435\u0440\u0441\u0438\u0438), Google Chrome, Safari \u0438 Opera), Mimikatz, netpass64.exe \u0438 netscan.exe, \u0430 \u0442\u0430\u043a\u0436\u0435 HRSword.exe (\u0434\u043b\u044f \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0442\u0435\u0445\u043d\u0438\u043a \u043e\u0431\u0445\u043e\u0434\u0430 \u0437\u0430\u0449\u0438\u0442\u044b).\n\n\u0412 \u0434\u043e\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u043a \u0432\u044b\u0448\u0435\u043e\u043f\u0438\u0441\u0430\u043d\u043d\u043e\u043c\u0443 \u043f\u043e\u0432\u0435\u0434\u0435\u043d\u0438\u044e \u044d\u043a\u0441\u043f\u0435\u0440\u0442\u044b \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0438 \u043f\u043e\u043f\u044b\u0442\u043a\u0438 \u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0438 \u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u0445 \u043f\u043e\u043b\u0435\u0437\u043d\u044b\u0445 \u043d\u0430\u0433\u0440\u0443\u0437\u043e\u043a \u0438\u0437 \u0434\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0445 \u043d\u0435\u043a\u043b\u0430\u0441\u0441\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0445 \u0432\u043d\u0435\u0448\u043d\u0438\u0445 \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u0432, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0438\u0441\u044c \u0432 \u0434\u0440\u0443\u0433\u0438\u0445 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u0445 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438.\n\n\u042d\u0442\u043e \u0443\u0431\u0435\u0434\u0438\u0442\u0435\u043b\u044c\u043d\u043e \u0441\u0432\u0438\u0434\u0435\u0442\u0435\u043b\u044c\u0441\u0442\u0432\u0443\u0435\u0442 \u043e \u0442\u043e\u043c, \u0447\u0442\u043e \u0434\u0440\u0443\u0433\u0438\u0435 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u0437\u043b\u043e\u0443\u043f\u043e\u0442\u0440\u0435\u0431\u043b\u044f\u043b\u0438 \u0442\u043e\u0439 \u0436\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c\u044e \u0441 \u0434\u0440\u0443\u0433\u043e\u0439 \u043f\u043e\u043b\u0435\u0437\u043d\u043e\u0439 \u043d\u0430\u0433\u0440\u0443\u0437\u043a\u043e\u0439 \u0432\u0442\u043e\u0440\u043e\u0433\u043e \u044d\u0442\u0430\u043f\u0430, \u043d\u0430\u0446\u0435\u043b\u0435\u043d\u043d\u043e\u0439 \u043d\u0430 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u0446\u0435\u043b\u0435\u0439.\n\n\u041f\u0440\u0435\u0434\u043f\u043e\u043b\u0430\u0433\u0430\u0435\u0442\u0441\u044f, \u0447\u0442\u043e \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u0432 \u0440\u0430\u043c\u043a\u0430\u0445 \u043d\u0430\u0431\u043b\u044e\u0434\u0430\u0435\u043c\u043e\u0439 \u043a\u0430\u043c\u043f\u0430\u043d\u0438\u0438, \u043d\u0430\u0446\u0435\u043b\u0438\u043b\u0438\u0441\u044c \u043d\u0430 \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u0435 \u043e\u0431\u044a\u0435\u043a\u0442\u044b \u0432 \u0411\u0440\u0430\u0437\u0438\u043b\u0438\u0438, \u0425\u043e\u0440\u0432\u0430\u0442\u0438\u0438, \u0424\u0440\u0430\u043d\u0446\u0438\u0438, \u0418\u043d\u0434\u0438\u0438, \u0418\u043d\u0434\u043e\u043d\u0435\u0437\u0438\u0438, \u041c\u043e\u043d\u0433\u043e\u043b\u0438\u0438, \u041d\u0430\u043c\u0438\u0431\u0438\u0438, \u041f\u0435\u0440\u0443, \u0418\u0441\u043f\u0430\u043d\u0438\u0438, \u0428\u0432\u0435\u0439\u0446\u0430\u0440\u0438\u0438, \u0422\u0443\u0440\u0446\u0438\u0438 \u0438 \u041e\u0410\u042d, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u0435 \u043f\u043e\u0434\u0434\u043e\u043c\u0435\u043d\u044b ScreenConnect (\u043d\u0430\u043f\u0440\u0438\u043c\u0435\u0440, infinity.screenconnect[.]com).\n\n\u041f\u0440\u0438\u0447\u0435\u043c \u043f\u0440\u0438 \u0434\u0430\u043b\u044c\u043d\u0435\u0439\u0448\u0435\u043c \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u043d\u0438\u0438 \u044d\u0442\u043e\u0439 \u0443\u0433\u0440\u043e\u0437\u044b 23 \u043e\u043a\u0442\u044f\u0431\u0440\u044f 2024 \u0433\u043e\u0434\u0430 \u043f\u0440\u0435\u0434\u043f\u0440\u0438\u043d\u0438\u043c\u0430\u043b\u0438\u0441\u044c \u043d\u043e\u0432\u044b\u0435 \u043f\u043e\u043f\u044b\u0442\u043a\u0438 \u043f\u0440\u043e\u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u043e\u0432\u0430\u0442\u044c CVE-2023-48788 \u0432 \u0440\u0435\u0430\u043b\u044c\u043d\u044b\u0445 \u0443\u0441\u043b\u043e\u0432\u0438\u044f\u0445.\n\n\u0422\u043e\u0433\u0434\u0430 \u0430\u043a\u0442\u043e\u0440\u044b \u043f\u044b\u0442\u0430\u043b\u0438\u0441\u044c \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u0441\u043a\u0440\u0438\u043f\u0442 PowerShell, \u0440\u0430\u0437\u043c\u0435\u0449\u0435\u043d\u043d\u044b\u0439 \u043d\u0430 \u0434\u043e\u043c\u0435\u043d\u0435 webhook[.]site, \u0447\u0442\u043e\u0431\u044b \u0441\u043e\u0441\u0442\u0430\u0432\u0438\u0442\u044c \u043f\u0435\u0440\u0435\u0447\u0435\u043d\u044c \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c.\n\n\u0418\u043d\u0434\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0430\u0446\u0438\u0438 \u0438 \u0442\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0441\u0442\u0438 \u043d\u0430\u0431\u043b\u044e\u0434\u0430\u0435\u043c\u044b\u0445 \u0430\u0442\u0430\u043a - \u0432 \u043e\u0442\u0447\u0435\u0442\u0435.", "creation_timestamp": "2024-12-25T11:00:07.000000Z"}, {"uuid": "031bcd7e-1153-4a1a-9ed9-9e6273b22a0c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-48782", "type": "seen", "source": "https://t.me/true_secator/6558", "content": "Fortinet \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0436\u0434\u0430\u0435\u0442 \u043e \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438\u00a0\u0432 Wireless LAN Manager (FortiWLM), \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u044e \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438.\n\nCVE-2023-34990 \u0438\u043c\u0435\u0435\u0442 \u043e\u0446\u0435\u043d\u043a\u0443 CVSS 9,6 \u0438 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u043c\u0443 \u043d\u0435\u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u043c\u0443 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u043f\u0440\u043e\u0447\u0438\u0442\u0430\u0442\u044c \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0435 \u0444\u0430\u0439\u043b\u044b.\n\n\u0421\u043e\u0433\u043b\u0430\u0441\u043d\u043e \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u044e\u00a0\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438\u00a0\u0432 NIST (NVD), \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u0431\u0445\u043e\u0434\u0430 \u043f\u0443\u0442\u0438 \u0442\u0430\u043a\u0436\u0435 \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0430 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u043e\u043c \u0434\u043b\u044f \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0433\u043e \u043a\u043e\u0434\u0430 \u0438\u043b\u0438 \u043a\u043e\u043c\u0430\u043d\u0434 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u044b\u0445 \u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432 \u043a \u043a\u043e\u043d\u0435\u0447\u043d\u043e\u0439 \u0442\u043e\u0447\u043a\u0435 /ems/cgi-bin/ezrf_lighttpd.cgi.\n\n\u041e\u043d\u0430 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 FortiWLM \u0432\u0435\u0440\u0441\u0438\u0439 8.6.0\u20138.6.5 (\u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043e \u0432 8.6.6 \u0438 \u0432\u044b\u0448\u0435) \u0438 8.5.0\u20138.5.4 (\u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043e \u0432 8.5.5 \u0438 \u0432\u044b\u0448\u0435).\n\n\u0420\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u0435 \u043f\u0440\u0438\u043f\u0438\u0441\u044b\u0432\u0430\u0435\u0442\u0441\u044f  \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044e \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 Horizon3.ai \u0417\u0430\u043a\u0443 \u0425\u044d\u043d\u043b\u0438.\n\n\u041f\u0440\u0438 \u044d\u0442\u043e\u043c, CVE-2023-34990 \u043e\u0442\u043d\u043e\u0441\u0438\u0442\u0441\u044f \u043a \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u043d\u043e\u0433\u043e \u0447\u0442\u0435\u043d\u0438\u044f \u0444\u0430\u0439\u043b\u043e\u0432 \u0431\u0435\u0437 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438, \u043a\u043e\u0442\u043e\u0440\u0443\u044e Horizon3.ai \u0440\u0430\u0441\u043a\u0440\u044b\u043b\u0430\u00a0\u0435\u0449\u0435 \u0432 \u043c\u0430\u0440\u0442\u0435 \u0432 \u0441\u043e\u0441\u0442\u0430\u0432\u0435 \u0448\u0438\u0440\u043e\u043a\u043e\u0433\u043e \u043d\u0430\u0431\u043e\u0440\u0430 \u0438\u0437 \u0448\u0435\u0441\u0442\u0438 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u043e\u0432 \u0432 FortiWLM.\n\n\u041f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0432\u043e\u0437\u043d\u0438\u043a\u0430\u0435\u0442 \u0438\u0437-\u0437\u0430 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0432\u0445\u043e\u0434\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 \u0432 \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u0430\u0445 \u0437\u0430\u043f\u0440\u043e\u0441\u0430, \u0447\u0442\u043e \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u043f\u0440\u043e\u0441\u043c\u0430\u0442\u0440\u0438\u0432\u0430\u0442\u044c \u043a\u0430\u0442\u0430\u043b\u043e\u0433\u0438 \u0438 \u0447\u0438\u0442\u0430\u0442\u044c \u043b\u044e\u0431\u044b\u0435 \u0444\u0430\u0439\u043b\u044b \u0436\u0443\u0440\u043d\u0430\u043b\u043e\u0432 \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0435.\n\n\u0423\u0441\u043f\u0435\u0448\u043d\u0430\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f CVE-2023-34990 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u043f\u0440\u043e\u0447\u0438\u0442\u0430\u0442\u044c \u0444\u0430\u0439\u043b\u044b \u0436\u0443\u0440\u043d\u0430\u043b\u0430 FortiWLM \u0438 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440 \u0441\u0435\u0430\u043d\u0441\u0430 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f \u0438 \u043b\u043e\u0433\u0438\u043d, \u0447\u0442\u043e \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442 \u0435\u043c\u0443 \u0442\u0430\u043a\u0436\u0435 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u043a\u043e\u043d\u0435\u0447\u043d\u044b\u0435 \u0442\u043e\u0447\u043a\u0438.\n\n\u041a\u0440\u043e\u043c\u0435 \u0442\u043e\u0433\u043e, \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043c\u043e\u0433\u0443\u0442 \u0432\u043e\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c\u0441\u044f \u0442\u0435\u043c, \u0447\u0442\u043e \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0432\u0435\u0431-\u0441\u0435\u0430\u043d\u0441\u043e\u0432 \u043d\u0435 \u043c\u0435\u043d\u044f\u044e\u0442\u0441\u044f \u043c\u0435\u0436\u0434\u0443 \u0441\u0435\u0430\u043d\u0441\u0430\u043c\u0438 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439, \u0447\u0442\u043e\u0431\u044b \u043f\u0435\u0440\u0435\u0445\u0432\u0430\u0442\u0438\u0442\u044c \u0438\u0445 \u0438 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u0438\u0432\u043d\u044b\u0435 \u0440\u0430\u0437\u0440\u0435\u0448\u0435\u043d\u0438\u044f \u043d\u0430 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0443.\n\n\u0418 \u044d\u0442\u043e \u0435\u0449\u0435 \u043d\u0435 \u0432\u0441\u0435.\n\n\u0417\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u0442\u0430\u043a\u0436\u0435 \u043c\u043e\u0436\u0435\u0442 \u043e\u0431\u044a\u0435\u0434\u0438\u043d\u0438\u0442\u044c CVE-2023-34990 \u0441\u00a0CVE-2023-48782 (\u043e\u0446\u0435\u043d\u043a\u0430 CVSS: 8,8), \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c\u044e \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0433\u043e \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u044f \u043a\u043e\u043c\u0430\u043d\u0434, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0442\u0430\u043a\u0436\u0435 \u0431\u044b\u043b\u0430 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0430 \u0432 FortiWLM 8.6.6 \u0434\u043b\u044f \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u044f RCE \u0432 \u043a\u043e\u043d\u0442\u0435\u043a\u0441\u0442\u0435 root.\n\n\u041f\u043e\u043c\u0438\u043c\u043e \u043d\u0435\u0435 Fortinet \u0442\u0430\u043a\u0436\u0435 \u0438\u0441\u043f\u0440\u0430\u0432\u0438\u043b\u0430 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u0443\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u044f \u043a\u043e\u043c\u0430\u043d\u0434 CVE-2024-48889 (CVSS: 7.2) \u0432 FortiManager, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u043c\u0443 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u043a\u043e\u0434 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432, \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u044b\u0445 FGFM.\n\n\u0423\u0447\u0438\u0442\u044b\u0432\u0430\u044f, \u0447\u0442\u043e \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430 Fortinet \u0441\u0442\u0430\u043d\u043e\u0432\u044f\u0442\u0441\u044f\u00a0\u043e\u0431\u044a\u0435\u043a\u0442\u043e\u043c \u043f\u0435\u0440\u0432\u043e\u043e\u0447\u0435\u0440\u0435\u0434\u043d\u044b\u0445 \u0443\u0441\u0442\u0440\u0435\u043c\u043b\u0435\u043d\u0438\u0439 \u043a\u0438\u0431\u0435\u0440\u043f\u043e\u0434\u043f\u043e\u043b\u044c\u044f, \u043a\u0440\u0430\u0439\u043d\u0435 \u0432\u0430\u0436\u043d\u043e \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u044d\u043a\u0437\u0435\u043c\u043f\u043b\u044f\u0440\u044b \u0434\u043b\u044f \u0437\u0430\u0449\u0438\u0442\u044b \u043e\u0442 \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0445 \u0443\u0433\u0440\u043e\u0437.", "creation_timestamp": "2024-12-19T14:06:21.000000Z"}, {"uuid": "9e2fea70-daf3-46ca-9a2c-a4526c0ebeb5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-48788", "type": "exploited", "source": "https://t.me/true_secator/5557", "content": "\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 Horizon3 \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043b\u0438 \u0442\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0441\u0442\u0438 \u0438 PoC \u0434\u043b\u044f \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 CVE-2023-48788 \u0432 FortiClient Enterprise Management Server (EMS) Fortinet.\n\n\u041f\u0440\u0438\u0447\u0435\u043c \u043d\u0430 \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u0439 \u0434\u0435\u043d\u044c \u043f\u043e\u0441\u043b\u0435 \u0432\u044b\u043f\u0443\u0441\u043a\u0430 PoC Fortinet \u0441\u043e\u043e\u0431\u0449\u0438\u043b\u0430 \u043e\u0431 \u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0439 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u043e\u0448\u0438\u0431\u043a\u0438 \u0432 \u0440\u0435\u0430\u043b\u044c\u043d\u044b\u0445 \u0443\u0441\u043b\u043e\u0432\u0438\u044f\u0445.\n\n\u0425\u043e\u0442\u044f \u0438\u0437\u043d\u0430\u0447\u0430\u043b\u044c\u043d\u043e \u043d\u0435 \u0443\u043f\u043e\u043c\u0438\u043d\u0430\u043b\u0430 \u043e\u0431 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0438 CVE-2023-48788 \u0432 \u0430\u0442\u0430\u043a\u0430\u0445.\n\nCVE-2023-48788 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 \u0441\u043e\u0431\u043e\u0439 SQL-\u0438\u043d\u044a\u0435\u043a\u0446\u0438\u044e \u0432 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0435 \u0441\u0435\u0440\u0432\u0435\u0440\u0430 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f DB2 (DAS), \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043d\u0443\u044e \u0431\u0440\u0438\u0442\u0430\u043d\u0441\u043a\u0438\u043c NCSC \u0438 \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0443\u044e \u043d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u043e\u0439 \u043d\u0435\u0439\u0442\u0440\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0435\u0439 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0445 \u044d\u043b\u0435\u043c\u0435\u043d\u0442\u043e\u0432.\n\n\u041f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 FortiClient EMS 7.0 (\u0441 7.0.1 \u043f\u043e 7.0.10) \u0438 7.2 (\u0441 7.2.0 \u043f\u043e 7.2.2) \u0438 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043d\u0435\u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u043c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u044b\u0445 \u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432 \u043f\u043e\u043b\u0443\u0447\u0430\u0442\u044c RCE \u0441 \u0441\u0438\u0441\u0442\u0435\u043c\u043d\u044b\u043c\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u044f\u043c\u0438 \u0432 \u0430\u0442\u0430\u043a\u0430\u0445, \u043d\u0435 \u0442\u0440\u0435\u0431\u0443\u044e\u0449\u0438\u0445 \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u044f \u0441 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u043c.\n\n\u041f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u0435\u043d\u043d\u044b\u0439 Horizon3 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442 \u043f\u043e\u043c\u043e\u0433\u0430\u0435\u0442 \u043f\u0440\u043e\u0434\u0435\u043c\u043e\u043d\u0441\u0442\u0440\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0438\u0441\u0442\u0435\u043c\u044b, \u043d\u043e \u043d\u0435 \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u0435\u0442 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0435 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u043a\u043e\u0434\u0430.\n\n\u0414\u043b\u044f \u044d\u0442\u043e\u0433\u043e \u0435\u0433\u043e \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e \u0438\u0437\u043c\u0435\u043d\u0438\u0442\u044c, \u0447\u0442\u043e\u0431\u044b \u0437\u0430\u0434\u0435\u0439\u0441\u0442\u0432\u043e\u0432\u0430\u0442\u044c Microsoft SQL Server xp_cmdshell \u0434\u043b\u044f \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u044f \u043a\u043e\u043c\u0430\u043d\u0434\u043d\u043e\u0439 \u043e\u0431\u043e\u043b\u043e\u0447\u043a\u0438 Windows \u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u0434\u0430.\n\n\u041d\u043e \u0441\u0443\u0434\u044f \u043f\u043e \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u044f\u043c \u043e \u043d\u0430\u0447\u0430\u0432\u0448\u0435\u0439\u0441\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438, \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u0440\u0430\u0437\u043e\u0431\u0440\u0430\u043b\u0438\u0441\u044c \u0432 \u044d\u0442\u043e\u043c \u0432\u043e\u043f\u0440\u043e\u0441\u0435 \u0438 \u0431\u0443\u0434\u0443\u0442 \u043f\u044b\u043b\u0435\u0441\u043e\u0441\u0438\u0442\u044c FortiClient Enterprise Management Server (EMS), \u043a\u043e\u0442\u043e\u0440\u044b\u0445, \u0441\u043e\u0433\u043b\u0430\u0441\u043d\u043e Shodan, \u0432 \u0441\u0435\u0442\u0438 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e \u0431\u043e\u043b\u0435\u0435 440 \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u0432.", "creation_timestamp": "2024-03-22T15:30:05.000000Z"}, {"uuid": "a6a962b4-e037-4c47-b1d9-eb1e14712607", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-48788", "type": "seen", "source": "https://t.me/true_secator/5516", "content": "Fortinet \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u043f\u0430\u0442\u0447\u0438 \u0434\u043b\u044f \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0445 RCE-\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432 FortiOS, FortiProxy \u0438 FortiClientEMS.\n\n\u041e\u0434\u043d\u0430 \u0438\u0437 \u043d\u0438\u0445 CVE-2023-42789, \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0437\u0430\u043f\u0438\u0441\u0438 \u0437\u0430 \u0432\u043d\u0435 \u0433\u0440\u0430\u043d\u0438\u0446 \u0432 FortiOS \u0438 FortiProxy, \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043a\u043e\u0434 \u0438\u043b\u0438 \u043a\u043e\u043c\u0430\u043d\u0434\u044b \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u044b\u0445 HTTP-\u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432.\n\n\u041e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043d\u0430\u044f \u043a\u043e\u043c\u0430\u043d\u0434\u043e\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 Fortinet \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0431\u044b\u043b\u0430 \u0440\u0435\u0448\u0435\u043d\u0430 \u0432 \u0441\u043e\u0432\u043e\u043a\u0443\u043f\u043d\u043e\u0441\u0442\u0438 \u0441 \u0434\u0440\u0443\u0433\u043e\u0439 CVE-2023-42790, \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c\u044e \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u0431\u0443\u0444\u0435\u0440\u0430 \u043d\u0430 \u043e\u0441\u043d\u043e\u0432\u0435 \u0441\u0442\u0435\u043a\u0430, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0442\u0430\u043a\u0436\u0435 \u043f\u0440\u0438\u0432\u043e\u0434\u0438\u0442 \u043a RCE.\n\n\u041e\u0431\u0435 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u044b \u0431\u044b\u043b\u0438 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u044b \u0441 \u0432\u044b\u043f\u0443\u0441\u043a\u043e\u043c FortiOS 7.4.2, 7.2.6, 7.0.13, 6.4.15 \u0438 6.2.16, \u0430 \u0442\u0430\u043a\u0436\u0435 FortiProxy 7.4.1, 7.2.7, 7.0.13 \u0438 2.0.14.\n\n\u0412\u0442\u043e\u0440\u043e\u0439 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u043a \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u0441\u0442\u0435\u043f\u0435\u043d\u0438 \u0442\u044f\u0436\u0435\u0441\u0442\u0438 - CVE-2023-48788, \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 SQL-\u0438\u043d\u044a\u0435\u043a\u0446\u0438\u0438 \u0432 FortiClientEMS, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043d\u0435\u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0437\u043e\u0432\u0430\u043d\u043d\u044b\u043c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043a\u043e\u0434 \u0438\u043b\u0438 \u043a\u043e\u043c\u0430\u043d\u0434\u044b \u0447\u0435\u0440\u0435\u0437 \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u044b\u0435 \u0437\u0430\u043f\u0440\u043e\u0441\u044b.\n\n\u041f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0440\u0435\u0448\u0435\u043d\u0430 \u0441 \u0432\u044b\u043f\u0443\u0441\u043a\u043e\u043c FortiClientEMS 7.2.3 \u0438 7.0.11.\n\n\u0421\u043b\u0435\u0434\u0443\u0435\u0442 \u043e\u0442\u043c\u0435\u0442\u0438\u0442\u044c, \u0447\u0442\u043e Fortinet \u043e\u0446\u0435\u043d\u0438\u043b \u043a\u0430\u043a CVE-2023-42789, \u0442\u0430\u043a \u0438 CVE-2023-48788 \u043d\u0430 9,3 \u043f\u043e CVSS, \u0432 \u0442\u043e \u0432\u0440\u0435\u043c\u044f \u043a\u0430\u043a NIST NVD \u0443\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u0442 \u043e\u0431\u0430 \u0441 CVSS 9,8.\n\nFortinet \u0442\u0430\u043a\u0436\u0435 \u043e\u0431\u044a\u044f\u0432\u0438\u043b\u0430 \u043e\u0431 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f\u0445 \u0440\u044f\u0434\u0430 \u0434\u0440\u0443\u0433\u0438\u0445 \u043e\u0448\u0438\u0431\u043e\u043a \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438 \u0432 FortiOS \u0438 FortiProxy (\u0432\u0435\u0434\u0443\u0449\u0443\u044e \u043a \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u044e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438), FortiClientEMS (\u0432\u0435\u0434\u0443\u0449\u0443\u044e \u043a \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044e \u043a\u043e\u043c\u0430\u043d\u0434) \u0438 \u0432 FortiWLM MEA \u0434\u043b\u044f FortiManager (\u043f\u0440\u0438\u0432\u043e\u0434\u044f\u0449\u0443\u044e \u043a RCE).\n\n\u0425\u043e\u0442\u044f Fortinet \u0438 \u043d\u0435 \u0443\u043f\u043e\u043c\u0438\u043d\u0430\u0435\u0442 \u043e\u0431 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432 \u0434\u0438\u043a\u043e\u0439 \u043f\u0440\u0438\u0440\u043e\u0434\u0435, \u043d\u043e \u043c\u044b \u0442\u043e \u0437\u043d\u0430\u0435\u043c, \u0447\u0442\u043e \u044d\u0442\u043e \u043d\u0435\u0438\u0437\u0431\u0435\u0436\u043d\u043e \u043f\u0440\u043e\u0438\u0437\u043e\u0439\u0434\u0435\u0442 \u0432 \u043f\u0435\u0440\u0441\u043f\u0435\u043a\u0442\u0438\u0432\u0435, \u0443\u0447\u0438\u0442\u044b\u0432\u0430\u044f \u043d\u0430\u0446\u0435\u043b\u0435\u043d\u043d\u043e\u0441\u0442\u044c \u0445\u0430\u043a\u0435\u0440\u043e\u0432 \u043d\u0430 \u0442\u0430\u043a\u0438\u0435 \u0430\u043a\u0442\u0438\u0432\u044b, \u0432\u0435\u0434\u044c \u0443\u0441\u043f\u0435\u0448\u043d\u043e\u0435 \u043f\u0440\u0435\u043f\u0430\u0440\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u043f\u0440\u043e\u0431\u043b\u0435\u043c \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u0437\u0430\u0445\u0432\u0430\u0442\u0438\u0442\u044c \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0435 \u0441\u0438\u0441\u0442\u0435\u043c\u044b.", "creation_timestamp": "2024-03-13T15:30:05.000000Z"}, {"uuid": "d1cf0f8d-23c9-4eb5-bf36-599e004c1110", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-48788", "type": "seen", "source": "https://t.me/ctinow/207887", "content": "https://ift.tt/jUTwHYf\nCritical FortiClient EMS vulnerability fixed, (fake?) PoC for sale (CVE-2023-48788)", "creation_timestamp": "2024-03-14T15:56:54.000000Z"}, {"uuid": "bac848d7-ce00-4a2a-8100-9d169b17b9fe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-48788", "type": "exploited", "source": "https://t.me/true_secator/5653", "content": "\u0412 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0435 \u0432\u0440\u0435\u043c\u044f \u0432\u0435\u0441\u0435\u043d\u043d\u0435\u0435 \u043e\u0431\u043e\u0441\u0442\u0440\u0435\u043d\u0438\u0435 \u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0441\u0442\u0438 \u043d\u0430\u0431\u043b\u044e\u0434\u0430\u0435\u0442\u0441\u044f \u043d\u0435 \u0442\u043e\u043b\u044c\u043a\u043e \u0443 \u0448\u0438\u0437\u0438\u043a\u043e\u0432, \u043d\u043e \u0438 \u0443 \u0445\u0430\u043a\u0435\u0440\u043e\u0432, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0441 \u043d\u0435\u043f\u043e\u0434\u0434\u0435\u043b\u044c\u043d\u044b\u043c \u044d\u043d\u0442\u0443\u0437\u0438\u0430\u0437\u043c\u043e\u043c \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u044e\u0442 \u0441\u0432\u0435\u0436\u0435\u0438\u0441\u043f\u0435\u0447\u0435\u043d\u043d\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043a\u043e\u0440\u043f\u043e\u0440\u0430\u0442\u0438\u0432\u043d\u044b\u0445 \u0441\u0435\u0442\u0435\u0439.\n\n\u041e\u0434\u043d\u0438\u043c \u0438\u0437 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0438\u0445 \u043f\u0440\u0438\u043c\u0435\u0440\u043e\u0432 \u044d\u0442\u043e\u0433\u043e \u0441\u0442\u0430\u043b\u043e \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u0435 \u043d\u043e\u0432\u043e\u0439 \u043a\u0430\u043c\u043f\u0430\u043d\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0449\u0435\u0439 \u043d\u0435\u0434\u0430\u0432\u043d\u043e \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u044b\u0439 \u0431\u0430\u0433 \u0432 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430\u0445 Fortinet FortiClient EMS \u0434\u043b\u044f \u0434\u043e\u0441\u0442\u0430\u0432\u043a\u0438 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0445 \u043f\u0430\u043a\u0435\u0442\u043e\u0432 ScreenConnect \u0438 Metasploit Powerfun.\n\n\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0432\u044b\u044f\u0432\u0438\u043b\u0438 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044e \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 SQL-\u0438\u043d\u044a\u0435\u043a\u0446\u0438\u0438 (CVE-2023-48788) \u0441 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u043c \u0443\u0440\u043e\u0432\u043d\u0435\u043c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0432 9.3 \u043f\u043e CVSS, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043d\u0435\u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u043c \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0438\u043c \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043a\u043e\u0434 \u0438\u043b\u0438 \u043a\u043e\u043c\u0430\u043d\u0434\u044b \u043f\u043e\u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e\u043c \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u044b\u0445 \u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432.\n\n\u041a\u0430\u043c\u043f\u0430\u043d\u0438\u044f \u043f\u043e\u043b\u0443\u0447\u0438\u043b\u0430 \u043a\u043e\u0434\u043e\u0432\u043e\u0435 \u043d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 Connect:fun \u0438\u0437-\u0437\u0430 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f ScreenConnect \u0438 Powerfun \u0434\u043b\u044f \u043f\u043e\u0441\u0442\u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0432 \u0430\u0442\u0430\u043a\u0435 \u043d\u0430 \u043d\u0435\u043d\u0430\u0437\u0432\u0430\u043d\u043d\u0443\u044e \u043c\u0435\u0434\u0438\u0430\u043a\u043e\u043c\u043f\u0430\u043d\u0438\u044e, \u0447\u044c\u0451 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0435 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u043e FortiClient EMS \u0442\u043e\u0440\u0447\u0430\u043b\u043e \u0432 \u0438\u043d\u0442\u0435\u0440\u043d\u0435\u0442 \u0441\u0440\u0430\u0437\u0443 \u043f\u043e\u0441\u043b\u0435 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438 PoC \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043e\u0442 21 \u043c\u0430\u0440\u0442\u0430 2024 \u0433\u043e\u0434\u0430. \n\n\u041f\u0440\u0438\u0447\u0435\u043c, \u0432 \u0442\u0435\u0447\u0435\u043d\u0438\u0435 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u0438\u0445 \u0434\u043d\u0435\u0439 \u043d\u0435\u0438\u0437\u0432\u0435\u0441\u0442\u043d\u044b\u0439 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u043f\u044b\u0442\u0430\u043b\u0441\u044f \u0437\u0430\u0433\u0440\u0443\u0437\u0438\u0442\u044c ScreenConnect, \u0430 \u0437\u0430\u0442\u0435\u043c \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u044c \u0441\u043e\u0444\u0442\u0438\u043d\u0443 \u0434\u043b\u044f \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0440\u0430\u0431\u043e\u0447\u0435\u0433\u043e \u0441\u0442\u043e\u043b\u0430 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0443\u0442\u0438\u043b\u0438\u0442\u044b msiexec, \u043d\u043e \u0431\u0435\u0437 \u0443\u0441\u043f\u0435\u0448\u043d\u043e.\n\n\u041e\u0434\u043d\u0430\u043a\u043e 25 \u043c\u0430\u0440\u0442\u0430 \u0431\u044b\u043b \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d PoC-\u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442 \u0434\u043b\u044f \u0437\u0430\u043f\u0443\u0441\u043a\u0430 \u043a\u043e\u0434\u0430 PowerShell, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0437\u0430\u0433\u0440\u0443\u0437\u0438\u043b \u0441\u043a\u0440\u0438\u043f\u0442 Powerfun Metasploit \u0438 \u0438\u043d\u0438\u0446\u0438\u0438\u0440\u043e\u0432\u0430\u043b \u043e\u0431\u0440\u0430\u0442\u043d\u043e\u0435 \u0441\u043e\u0435\u0434\u0438\u043d\u0435\u043d\u0438\u0435 \u0441 \u0434\u0440\u0443\u0433\u0438\u043c IP-\u0430\u0434\u0440\u0435\u0441\u043e\u043c.\n\n\u0422\u0430\u043a\u0436\u0435 \u0431\u044b\u043b\u0438 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u044b SQL-\u0437\u0430\u043f\u0440\u043e\u0441\u044b, \u043f\u0440\u0435\u0434\u043d\u0430\u0437\u043d\u0430\u0447\u0435\u043d\u043d\u044b\u0435 \u0434\u043b\u044f \u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0438 ScreenConnect \u0441 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0434\u043e\u043c\u0435\u043d\u0430 (\"ursketz[.]com\") \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c certutil, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0437\u0430\u0442\u0435\u043c \u0443\u0441\u0442\u0430\u043d\u0430\u0432\u043b\u0438\u0432\u0430\u043b\u0441\u044f \u0447\u0435\u0440\u0435\u0437 msiexec \u043f\u0435\u0440\u0435\u0434 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435\u043c \u0441\u0432\u044f\u0437\u0438 \u0441 \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u043c \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0438 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044f. \n\n\u0414\u043e\u043f\u043e\u0434\u043b\u0438\u043d\u043d\u043e \u043d\u0435 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d\u043e, \u043d\u043e \u0443 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0441\u0442\u043e\u0432 \u0435\u0441\u0442\u044c \u043f\u0440\u0438\u0437\u043d\u0430\u043a\u0438 \u0442\u043e\u0433\u043e, \u0447\u0442\u043e \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u0430\u043a\u0442\u0438\u0432\u0435\u043d \u043a\u0430\u043a \u043c\u0438\u043d\u0438\u043c\u0443\u043c \u0441 2022 \u0433\u043e\u0434\u0430 \u0438 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0437\u0438\u0440\u0443\u0435\u0442\u0441\u044f \u043d\u0430 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430\u0445 Fortinet, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0432\u044c\u0435\u0442\u043d\u0430\u043c\u0441\u043a\u0438\u0439 \u0438 \u043d\u0435\u043c\u0435\u0446\u043a\u0438\u0439 \u044f\u0437\u044b\u043a\u0438 \u0432 \u0441\u0432\u043e\u0435\u0439 \u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0435.\n\n\u0422\u0430\u043a\u0436\u0435 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u043e\u0442\u043c\u0435\u0447\u0430\u044e\u0442, \u0447\u0442\u043e \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u0434\u0435\u0439\u0441\u0442\u0432\u043e\u0432\u0430\u043b\u0438 \u043f\u043e \u0441\u0442\u0430\u0440\u0438\u043d\u043a\u0435 \u0432 \u0440\u0443\u043a\u043e\u043f\u0430\u0448\u043d\u0443\u044e, \u0447\u0442\u043e \u043f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0430\u0435\u0442\u0441\u044f \u0432\u0441\u0435\u043c\u0438 \u043d\u0435\u0443\u0434\u0430\u0447\u043d\u044b\u043c\u0438 \u043f\u043e\u043f\u044b\u0442\u043a\u0430\u043c\u0438 \u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0438 \u0438 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0438 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u043e\u0432, \u0430 \u0442\u0430\u043a\u0436\u0435 \u043e\u0442\u043d\u043e\u0441\u0438\u0442\u0435\u043b\u044c\u043d\u043e \u0434\u043e\u043b\u0433\u0438\u043c \u0432\u0440\u0435\u043c\u0435\u043d\u0435\u043c \u043c\u0435\u0436\u0434\u0443 \u043f\u043e\u043f\u044b\u0442\u043a\u0430\u043c\u0438, \u043a\u0430\u043a \u0431\u044b \u043d\u0430\u043c\u0435\u043a\u0430\u044f, \u0447\u0442\u043e \u0446\u0435\u043b\u044c \u0432\u044b\u0431\u0440\u0430\u043d\u0430 \u0445\u0430\u043a\u0435\u0440\u0430\u043c\u0438 \u043d\u0435 \u0441\u043b\u0443\u0447\u0430\u0439\u043d\u043e.\n\n\u041f\u043e \u0438\u0442\u043e\u0433\u0443, \u043c\u043e\u0440\u0430\u043b\u044c \u0441\u0435\u0439 \u0431\u0430\u0441\u043d\u0438 \u0442\u0430\u043a\u043e\u0432\u0430, \u0447\u0442\u043e \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u044f\u043c, \u043a\u0430\u043a \u0432\u0441\u0435\u0433\u0434\u0430, \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u0443\u0441\u0442\u0430\u043d\u0430\u0432\u043b\u0438\u0432\u0430\u0442\u044c \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0438\u0435 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f, \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0442\u044c \u043f\u043e\u0434\u043e\u0437\u0440\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0439 \u0442\u0440\u0430\u0444\u0438\u043a \u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0431\u0440\u0430\u043d\u0434\u043c\u0430\u0443\u044d\u0440 \u0432\u0435\u0431-\u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0439 \u0434\u043b\u044f \u0431\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0445 \u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432.", "creation_timestamp": "2024-04-18T15:58:56.000000Z"}, {"uuid": "aca0a140-65e8-4ffe-8d3b-4f96d0c84223", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-48788", "type": "seen", "source": "https://t.me/ctinow/205822", "content": "https://ift.tt/1vZwPfc\nCVE-2023-48788", "creation_timestamp": "2024-03-12T16:32:08.000000Z"}, {"uuid": "1c69a0b1-705a-4c5e-a63a-e22ef38df9c9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-48788", "type": "seen", "source": "https://t.me/ctinow/205806", "content": "https://ift.tt/1vZwPfc\nCVE-2023-48788", "creation_timestamp": "2024-03-12T16:26:39.000000Z"}, {"uuid": "dd051404-a29e-4de5-86fb-f2d33ef1a541", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-48788", "type": "seen", "source": "https://t.me/ctinow/207111", "content": "https://ift.tt/XAaKvzG\nCVE-2023-48788 Exploit", "creation_timestamp": "2024-03-13T20:18:30.000000Z"}, {"uuid": "640553da-a5af-49d1-969c-174fc0de966f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-48788", "type": "exploited", "source": "https://t.me/theninjaway1337/1491", "content": "Exploit released for Fortinet RCE bug used in attacks, patch now\n\nSecurity researchers have released a proof-of-concept (PoC) exploit for a critical vulnerability in Fortinet's FortiClient Enterprise Management Server (EMS) software, which is now actively exploited in attacks.\n\nTracked as CVE-2023-48788, this security flaw is an SQL injection in the DB2 Administration Server (DAS) component discovered and reported by the UK's National Cyber Security Centre (NCSC).\n\nIt impacts FortiClient EMS versions 7.0 (7.0.1 through 7.0.10) and 7.2 (7.2.0 through 7.2.2), and it enables unauthenticated threat actors to gain remote code execution (RCE) with SYSTEM privileges on unpatched servers in low-complexity attacks that don't require user interaction.\n\n\"An improper neutralization of special elements used in an SQL Command ('SQL Injection') vulnerability [CWE-89] in FortiClientEMS may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted requests,\" Fortinet explains in a security advisory released last week.\n\nhttps://www.bleepingcomputer.com/news/security/exploit-released-for-fortinet-rce-bug-used-in-attacks-patch-now/", "creation_timestamp": "2024-03-28T02:41:12.000000Z"}, {"uuid": "7e71976d-2287-4bae-9d23-af19fd2878bb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-4878", "type": "seen", "source": "https://t.me/cibsecurity/70182", "content": "\u203c CVE-2023-4878 \u203c\n\nServer-Side Request Forgery (SSRF) in GitHub repository instantsoft/icms2 prior to 2.16.1-git.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-10T22:21:28.000000Z"}, {"uuid": "d0f4c7f1-b6de-49d0-a3ff-73280e1b55f4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-48783", "type": "seen", "source": "https://t.me/ctinow/174996", "content": "https://ift.tt/SMnpfyA\nCVE-2023-48783 | Fortinet FortiPortal up to 5.3.8/6.0.14/7.0.6/7.2.1 GET Request authorization (FG-IR-23-408)", "creation_timestamp": "2024-01-28T18:32:00.000000Z"}, {"uuid": "e99f6279-db89-41f4-a973-bb4bb2356f26", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-48781", "type": "seen", "source": "https://t.me/ctinow/167277", "content": "https://ift.tt/24qAYtk\nCVE-2023-48781 | Marketing Rapel MkRapel Regiones y Ciudades de Chile para WC Plugin cross-site request forgery", "creation_timestamp": "2024-01-12T14:36:58.000000Z"}, {"uuid": "e8f20a81-4efd-4be1-901f-228a09f88bd2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-48780", "type": "seen", "source": "https://t.me/ctinow/166407", "content": "https://ift.tt/71wZjkU\nCVE-2023-48780 | EnigmaWeb WP Catalogue Plugin up to 1.7.6 on WordPress cross site scripting", "creation_timestamp": "2024-01-11T09:56:31.000000Z"}, {"uuid": "5d198927-08de-418f-9417-5af2403dee22", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-48783", "type": "seen", "source": "https://t.me/ctinow/166076", "content": "https://ift.tt/L0wikuV\nCVE-2023-48783", "creation_timestamp": "2024-01-10T19:26:14.000000Z"}, {"uuid": "da0451eb-d61b-4d07-b1a3-08bbd68bd076", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-48788", "type": "seen", "source": "https://t.me/theninjaway1337/1444", "content": "CVE-2023-48788\n\nMeanwhile CVE from 2023 remains unpatched ... \ud83d\ude05", "creation_timestamp": "2024-03-15T03:53:11.000000Z"}, {"uuid": "f052c92c-d786-43cd-bff1-f13020ed9195", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-48788", "type": "exploited", "source": "https://t.me/theninjaway1337/1476", "content": "Exploit released for Fortinet RCE bug used in attacks, patch now\n\nSecurity researchers have released a proof-of-concept (PoC) exploit for a critical vulnerability in Fortinet's FortiClient Enterprise Management Server (EMS) software, which is now actively exploited in attacks.\nTracked as\u00a0CVE-2023-48788, this security flaw is an SQL injection in the DB2 Administration Server (DAS) component discovered and reported by the UK's National Cyber Security Centre (NCSC).\n\nhttps://www.bleepingcomputer.com/news/security/exploit-released-for-fortinet-rce-bug-used-in-attacks-patch-now/", "creation_timestamp": "2024-03-23T17:30:27.000000Z"}, {"uuid": "2e98f14a-4a06-4eab-b7f8-b61a7b82da4d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-48788", "type": "exploited", "source": "https://t.me/S_E_Reborn/5491", "content": "\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0438\u0437 \u041b\u0430\u0431\u043e\u0440\u0430\u0442\u043e\u0440\u0438\u0438 \u041a\u0430\u0441\u043f\u0435\u0440\u0441\u043a\u043e\u0433\u043e \u0432\u044b\u043a\u0430\u0442\u0438\u043b\u0438 \u0430\u043d\u0430\u043b\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u043e\u0442\u0447\u0435\u0442 \u043f\u043e \u0440\u0435\u0430\u0433\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044e \u043d\u0430 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u044b \u0437\u0430 2024 \u0433\u043e\u0434.\n\n\u0412 \u043d\u0435\u043c \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u0435\u043d\u044b \u0430\u043d\u043e\u043d\u0438\u043c\u0438\u0437\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u0434\u0430\u043d\u043d\u044b\u0435 \u043f\u043e \u0440\u0430\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u044f\u043c, \u043f\u0440\u043e\u0432\u0435\u0434\u0435\u043d\u043d\u044b\u043c \u043a\u043e\u043c\u0430\u043d\u0434\u043e\u0439 GERT, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0441\u0442\u0430\u0442\u0438\u0441\u0442\u0438\u043a\u0430 \u0438 \u043e\u0441\u043d\u043e\u0432\u043d\u044b\u0435 \u0442\u0435\u043d\u0434\u0435\u043d\u0446\u0438\u0438 \u043f\u043e \u0446\u0435\u043b\u0435\u0432\u044b\u043c \u0430\u0442\u0430\u043a\u0430\u043c, ransomware \u0438 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u0430\u043c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u043e\u0432, \u0437\u0430\u043c\u0435\u0447\u0435\u043d\u043d\u044b\u043c \u0432 \u0442\u0435\u0447\u0435\u043d\u0438\u0435 \u0433\u043e\u0434\u0430 \u0432 \u0440\u0435\u0430\u043b\u044c\u043d\u044b\u0445 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u0445.\n\n\u0412 2024 \u0433\u043e\u0434\u0443 \u043e\u0442\u043c\u0435\u0442\u0438\u043b\u0441\u044f \u0440\u043e\u0441\u0442 \u0434\u043e\u043b\u0438 \u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432 \u0432 \u043e\u0442\u043d\u043e\u0448\u0435\u043d\u0438\u0438 \u0440\u0435\u0430\u0433\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u043d\u0430 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u044b \u0432 \u0431\u043e\u043b\u044c\u0448\u0438\u043d\u0441\u0442\u0432\u0435 \u0440\u0435\u0433\u0438\u043e\u043d\u043e\u0432, \u043f\u0440\u0438 \u044d\u0442\u043e\u043c \u0431\u043e\u043b\u044c\u0448\u0430\u044f \u0447\u0430\u0441\u0442\u044c \u0440\u0430\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u0439 \u043f\u0440\u043e\u0432\u043e\u0434\u0438\u043b\u0430\u0441\u044c \u0432 \u0441\u0442\u0440\u0430\u043d\u0430\u0445 \u0421\u041d\u0413 (50,6%), \u043d\u0430 \u0411\u043b\u0438\u0436\u043d\u0435\u043c \u0412\u043e\u0441\u0442\u043e\u043a\u0435 (15,7%) \u0438 \u0432 \u0415\u0432\u0440\u043e\u043f\u0435 (10,8%).\n\n\u0420\u0430\u0441\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u0438\u0435 IR-\u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432 \u043f\u043e \u043e\u0442\u0440\u0430\u0441\u043b\u044f\u043c \u0441\u043e\u043e\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u043e\u0432\u0430\u043b\u043e \u0434\u0438\u043d\u0430\u043c\u0438\u043a\u0435 2023 \u0433\u043e\u0434\u0430, \u0441\u043e\u0445\u0440\u0430\u043d\u0438\u0432 \u0432 \u0442\u0440\u043e\u0439\u043a\u0435 \u043b\u0438\u0434\u0435\u0440\u043e\u0432 \u043f\u0440\u043e\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u044b\u0435 (23,5%), \u0433\u043e\u0441\u0443\u0434\u0430\u0440\u0441\u0442\u0432\u0435\u043d\u043d\u044b\u0435 (16,3%) \u0438 \u0444\u0438\u043d\u0430\u043d\u0441\u043e\u0432\u044b\u0435 (13,3%) \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0438.\n\n\u041e\u0434\u043d\u0430\u043a\u043e \u0432 \u044d\u0442\u043e\u043c \u0433\u043e\u0434\u0443 \u0431\u043e\u043b\u044c\u0448\u0438\u0430\u044f \u0447\u0430\u0441\u0442\u044c \u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432 \u043f\u043e\u0441\u0442\u0443\u043f\u0438\u043b\u0430 \u043e\u0442 \u043f\u0440\u043e\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u044b\u0445 \u043f\u0440\u0435\u0434\u043f\u0440\u0438\u044f\u0442\u0438\u0439, \u0442\u043e\u0433\u0434\u0430 \u043a\u0430\u043a \u0433\u043e\u0441\u0443\u0447\u0440\u0435\u0436\u0434\u0435\u043d\u0438\u044f \u043f\u043e\u0434\u0432\u0435\u0440\u0433\u0430\u043b\u0438\u0441\u044c \u0430\u0442\u0430\u043a\u0430\u043c \u0440\u0435\u0436\u0435, \u0447\u0435\u043c \u0433\u043e\u0434\u043e\u043c \u0440\u0430\u043d\u0435\u0435.\n\n\u041a\u0440\u043e\u043c\u0435 \u0442\u043e\u0433\u043e, \u043d\u0430\u0431\u043b\u044e\u0434\u0430\u0435\u0442\u0441\u044f \u0442\u0435\u043d\u0434\u0435\u043d\u0446\u0438\u044f \u043a \u0440\u043e\u0441\u0442\u0443 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u043e\u0432, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u044b\u0445 \u0441 \u0442\u0440\u0430\u043d\u0441\u043f\u043e\u0440\u0442\u043d\u043e\u0439 \u043e\u0442\u0440\u0430\u0441\u043b\u044c\u044e - \u043a\u043e\u043b\u0438\u0447\u0435\u0441\u0442\u0432\u043e \u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432 \u043d\u0430 IR-\u0443\u0441\u043b\u0443\u0433\u0438 \u0441 2023 \u0433\u043e\u0434\u0430 \u0432\u044b\u0440\u043e\u0441\u043b\u043e \u0432\u0434\u0432\u043e\u0435.\n\n\u0412 2024 \u0433\u043e\u0434\u0443 \u0447\u0438\u0441\u043b\u043e \u0430\u0442\u0430\u043a \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c ransomware \u0443\u0432\u0435\u043b\u0438\u0447\u0438\u043b\u043e\u0441\u044c \u043d\u0430 8,3 \u043f\u0443\u043d\u043a\u0442\u043e\u0432 \u043f\u043e \u0441\u0440\u0430\u0432\u043d\u0435\u043d\u0438\u044e \u0441 \u043f\u043e\u043a\u0430\u0437\u0430\u0442\u0435\u043b\u044f\u043c\u0438 2023 \u0433\u043e\u0434\u0430 \u0438 \u0441\u043e\u0441\u0442\u0430\u0432\u0438\u043b\u043e 41,6% \u043e\u0442 \u043e\u0431\u0449\u0435\u0433\u043e \u0447\u0438\u0441\u043b\u0430 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u043e\u0432.\n\n\u042d\u043a\u0441\u043f\u0435\u0440\u0442\u044b \u043f\u0440\u043e\u0433\u043d\u043e\u0437\u0438\u0440\u0443\u044e\u0442, \u0447\u0442\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u044b-\u0432\u044b\u043c\u043e\u0433\u0430\u0442\u0435\u043b\u0438 \u043e\u0441\u0442\u0430\u043d\u0443\u0442\u0441\u044f \u043e\u0441\u043d\u043e\u0432\u043d\u043e\u0439 \u0443\u0433\u0440\u043e\u0437\u043e\u0439 \u0434\u043b\u044f \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0439 \u043f\u043e \u0432\u0441\u0435\u043c\u0443 \u043c\u0438\u0440\u0443 \u0438 \u0432 \u0442\u0435\u043a\u0443\u0449\u0435\u043c \u0433\u043e\u0434\u0443, \u043f\u0440\u043e\u0434\u043e\u043b\u0436\u0430\u044f \u0442\u0435\u043d\u0434\u0435\u043d\u0446\u0438\u044e \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0438\u0445 \u043b\u0435\u0442, \u043f\u043e\u0441\u043a\u043e\u043b\u044c\u043a\u0443 \u044d\u0442\u0430 \u0443\u0433\u0440\u043e\u0437\u0430 \u0437\u0430\u043d\u0438\u043c\u0430\u0435\u0442 \u043b\u0438\u0434\u0438\u0440\u0443\u044e\u0449\u0438\u0435 \u043f\u043e\u0437\u0438\u0446\u0438\u0438 \u0441\u0440\u0435\u0434\u0438 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u043e\u0432 \u0432 \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u044f\u0445.\n\n\u0412 \u0431\u043e\u043b\u044c\u0448\u0438\u043d\u0441\u0442\u0432\u0435 \u0441\u043b\u0443\u0447\u0430\u0435\u0432 \u0437\u0430\u0440\u0430\u0436\u0435\u043d\u0438\u0439 \u0432\u0441\u0442\u0440\u0435\u0447\u0430\u043b\u0438\u0441\u044c \u043e\u0431\u0440\u0430\u0437\u0446\u044b \u0441\u0435\u043c\u0435\u0439\u0441\u0442\u0432\u0430 LockBit\u00a0(43,6%), \u0437\u0430 \u043a\u043e\u0442\u043e\u0440\u044b\u043c\u0438 \u0441\u043b\u0435\u0434\u0443\u044e\u0442\u00a0Babuk\u00a0(9,1%) \u0438 Phobos (5,5%). \u0412\u044b\u044f\u0432\u043b\u0435\u043d\u044b \u0438 \u043d\u043e\u0432\u044b\u0435 \u0441\u0435\u043c\u0435\u0439\u0441\u0442\u0432\u0430 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c-\u0432\u044b\u043c\u043e\u0433\u0430\u0442\u0435\u043b\u0435\u0439, \u0442\u0430\u043a\u0438\u0435 \u043a\u0430\u043a\u00a0ShrinkLocker\u00a0\u0438\u00a0Ymir.\n\n\u0412 \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u0435 \u0440\u0430\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u0439 \u044d\u043a\u0441\u043f\u0435\u0440\u0442\u044b GERT \u0442\u0430\u043a\u0436\u0435 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0438 \u043f\u0440\u0438\u043c\u0435\u0447\u0430\u0442\u0435\u043b\u044c\u043d\u044b\u0435 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0435 \u043a\u0430\u043c\u043f\u0430\u043d\u0438\u0438, \u0442\u0430\u043a\u0438\u0435 \u043a\u0430\u043a\u00a0Tusk, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0440\u044f\u0434 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u043e\u0432\u00a0\u0441 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0435\u0439 CVE-2023-48788.\n\n\u0415\u0449\u0435 \u043e\u0434\u043d\u043e\u0439 \u0442\u0440\u0435\u0432\u043e\u0436\u043d\u043e\u0439 \u0442\u0435\u043d\u0434\u0435\u043d\u0446\u0438\u0435\u0439, \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u043d\u043e\u0439 \u0432 \u0440\u0435\u0430\u043b\u044c\u043d\u044b\u0445 \u043a\u0435\u0439\u0441\u0430\u0445 \u0440\u0435\u0430\u0433\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u043d\u0430 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u044b, \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u0431\u043e\u043b\u0435\u0435 \u0448\u0438\u0440\u043e\u043a\u043e\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0442\u0430\u043a\u0438\u0445 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u043e\u0432, \u043a\u0430\u043a Mimikatz (21,8%) \u0438 PsExec (20,0%) \u043d\u0430 \u044d\u0442\u0430\u043f\u0435 \u043f\u043e\u0441\u0442\u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0434\u043b\u044f \u0438\u0437\u0432\u043b\u0435\u0447\u0435\u043d\u0438\u044f \u043f\u0430\u0440\u043e\u043b\u0435\u0439 \u0438 \u0431\u043e\u043a\u043e\u0432\u043e\u0433\u043e \u043f\u0435\u0440\u0435\u043c\u0435\u0449\u0435\u043d\u0438\u044f.\n\n\u041e\u0442\u0434\u0435\u043b\u044c\u043d\u043e \u0432 \u041b\u041a \u043e\u0442\u043c\u0435\u0447\u0430\u044e\u0442 \u0443\u0441\u0438\u043b\u0438\u0432\u0430\u044e\u0449\u0443\u044e\u0441\u044f \u0442\u0435\u043d\u0434\u0435\u043d\u0446\u0438\u044e, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0443\u044e \u0441 \u0442\u0435\u043c, \u0447\u0442\u043e \u0443\u0442\u0435\u0447\u043a\u0438 \u0434\u0430\u043d\u043d\u044b\u0445 \u0442\u0435\u043f\u0435\u0440\u044c \u043d\u0430 \u0432\u0442\u043e\u0440\u043e\u043c \u043c\u0435\u0441\u0442\u0435 \u043f\u043e \u0447\u0430\u0441\u0442\u043e\u0442\u0435 IR-\u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432 (\u0432 16,9% \u0432\u0441\u0435\u0445 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u043e\u0432), \u0447\u0442\u043e \u043a\u043e\u0440\u0440\u0435\u043b\u0438\u0440\u0443\u0435\u0442 \u0441 \u043f\u0440\u0435\u0434\u043f\u043e\u043b\u043e\u0436\u0435\u043d\u0438\u044f\u043c\u0438 \u041b\u041a \u043e\u0442\u043d\u043e\u0441\u0438\u0442\u0435\u043b\u044c\u043d\u043e \u0442\u0435\u043d\u0434\u0435\u043d\u0446\u0438\u0439 \u0432 \u043c\u0435\u0442\u043e\u0434\u0430\u0445 \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0443\u0447\u0435\u0442\u043d\u044b\u043c \u0434\u0430\u043d\u043d\u044b\u043c.\n\n\u041f\u043e\u043b\u043d\u0430\u044f \u0432\u0435\u0440\u0441\u0438\u044f \u043e\u0442\u0447\u0435\u0442\u0430\u00a0\u0434\u043e\u0441\u0442\u0443\u043f\u043d\u0430 \u0437\u0434\u0435\u0441\u044c \u0438 \u0441\u043e\u0434\u0435\u0440\u0436\u0438\u0442 \u0434\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u0443\u044e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e \u043e \u0440\u0435\u0430\u043b\u044c\u043d\u044b\u0445 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u0445, \u0432\u043a\u043b\u044e\u0447\u0430\u044f \u043d\u043e\u0432\u044b\u0435 \u0443\u0433\u0440\u043e\u0437\u044b, \u0430 \u0442\u0430\u043a\u0436\u0435 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u044b\u043c \u0440\u0430\u0437\u0431\u043e\u0440\u043e\u043c \u0434\u0435\u044f\u0442\u0435\u043b\u044c\u043d\u043e\u0441\u0442\u0438 APT \u0438 \u0441\u0442\u0430\u0442\u0438\u0441\u0442\u0438\u043a\u043e\u0439 \u043f\u043e \u043d\u0430\u0438\u0431\u043e\u043b\u0435\u0435 \u0430\u043a\u0442\u0438\u0432\u043d\u044b\u043c \u0433\u0440\u0443\u043f\u043f\u0430\u043c.", "creation_timestamp": "2025-03-19T17:38:16.000000Z"}, {"uuid": "0fb154ed-2767-4455-9c4b-413b7cea9ab1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-48788", "type": "exploited", "source": "https://t.me/information_security_channel/51808", "content": "Recent Fortinet FortiClient EMS Vulnerability Exploited in Attacks\nhttps://www.securityweek.com/recent-fortinet-forticlient-ems-vulnerability-exploited-in-attacks/\n\nCVE-2023-48788, a critical SQL injection vulnerability in Fortinet\u2019s FortiClient EMS product, is being exploited in the wild.\nThe post Recent Fortinet FortiClient EMS Vulnerability Exploited in Attacks (https://www.securityweek.com/recent-fortinet-forticlient-ems-vulnerability-exploited-in-attacks/) appeared first on SecurityWeek (https://www.securityweek.com/).", "creation_timestamp": "2024-03-26T12:10:12.000000Z"}, {"uuid": "736ae583-7a67-4f80-a36b-bb62dd607f5a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-48788", "type": "exploited", "source": "https://t.me/thehackernews/6075", "content": "\ud83d\uded1 Attackers are exploiting Fortinet's CVE-2023-48788 (CVSS 9.3) to install remote desktop tools like AnyDesk and ScreenConnect. \n \nThey\u2019ve already targeted companies across 12 countries, leveraging: \n \n\u00bb SQL injection for unauthorized access \n\u00bb Password recovery tools like Mimikatz \n\u00bb PowerShell scripts for persistence \n \nDon\u2019t just patch vulnerabilities\u2014assume attackers are already inside. \n \nFind details here: https://thehackernews.com/2024/12/hackers-exploiting-critical-fortinet.html", "creation_timestamp": "2024-12-20T07:30:15.000000Z"}, {"uuid": "0422d664-5cdb-49d9-b3e8-4109d7f11c6a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-48788", "type": "exploited", "source": "https://t.me/CyberBulletin/25518", "content": "\u26a1\ufe0fMedusa Exploits Fortinet Flaw (CVE-2023-48788) for Stealthy Ransomware Attacks.\n\n#CyberBulletin", "creation_timestamp": "2024-09-21T03:00:55.000000Z"}, {"uuid": "c9c38644-5df4-48e6-ba02-3b8b449a17f3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-48788", "type": "seen", "source": "https://t.me/thehackernews/4678", "content": "\u26a0\ufe0f Vulnerability Alert: Fortinet warns of a severe SQL Injection vulnerability (CVE-2023-48788) in FortiClientEMS allowing unauthenticated attackers to execute code remotely. \n \nDetails: https://thehackernews.com/2024/03/fortinet-warns-of-severe-sqli.html \n \nCheck if your versions are affected and upgrade ASAP!", "creation_timestamp": "2024-03-14T05:23:51.000000Z"}, {"uuid": "4f849e77-395e-4c79-8d69-caabbd27eff8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-48788", "type": "exploited", "source": "https://t.me/CyberBulletin/26869", "content": "\u26a1\ufe0fAttackers are exploiting Fortinet's CVE-2023-48788 (CVSS 9.3) to install remote desktop tools like AnyDesk and ScreenConnect.\n\n#CyberBulletin", "creation_timestamp": "2024-12-20T16:21:50.000000Z"}, {"uuid": "7c0726d9-3de9-4dc3-a714-1b1e6c5abd77", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-48788", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/2160", "content": "https://github.com/horizon3ai/CVE-2023-48788\n\nFortinet FortiClient EMS SQL Injection\n#github #poc", "creation_timestamp": "2024-03-22T21:24:15.000000Z"}, {"uuid": "b5132882-ab03-4f42-a7f0-b268cfa209e3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-48788", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/10195", "content": "#exploit\n1. CVE-2023-48788:\nFortinet FortiClient EMS SQL Injection\nhttps://www.horizon3.ai/attack-research/attack-blogs/cve-2023-48788-fortinet-forticlientems-sql-injection-deep-dive\n\n2. CVE-2023-48725:\nNetgear RAX30 stack-based buffer overflow vulnerability\nhttps://blog.talosintelligence.com/vulnerability-roundup-march-20-2024\n\n3. CVE-2024-1212:\nUnauthenticated Command Injection In Progress Kemp LoadMaster\nhttps://github.com/Chocapikk/CVE-2024-1212", "creation_timestamp": "2024-03-23T07:24:50.000000Z"}]}