{"vulnerability": "CVE-2024-2039", "sightings": [{"uuid": "7594f090-0795-4a2b-b4e4-d771e83d5ac5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-20399", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2024-07-02T18:10:02.000000Z"}, {"uuid": "a26d63f3-1008-4b32-aaf9-96e4508d6399", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-20397", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113595449780755510", "content": "", "creation_timestamp": "2024-12-04T16:16:47.307445Z"}, {"uuid": "6fbe13e8-75cd-4eb6-8a22-b21814b5e2f0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2024-20397", "type": "seen", "source": "https://infosec.exchange/users/patrickcmiller/statuses/113605929918399885", "content": "", "creation_timestamp": "2024-12-06T12:42:01.730671Z"}, {"uuid": "813e2616-5f99-40b8-b42a-581e6b1d803f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2024-20397", "type": "seen", "source": "https://infosec.exchange/users/edwardk/statuses/113605958462227857", "content": "", "creation_timestamp": "2024-12-06T12:49:16.788487Z"}, {"uuid": "c2403d1b-f09f-477a-bb3e-d57e76013447", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-20397", "type": "seen", "source": "https://infosec.exchange/users/screaminggoat/statuses/113595405914500858", "content": "", "creation_timestamp": "2024-12-04T16:05:37.912190Z"}, {"uuid": "0ee5e26b-a07c-4d8b-ae11-9ab4f555bce6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-20397", "type": "seen", "source": "https://infosec.exchange/users/jbhall56/statuses/113600538034366851", "content": "", "creation_timestamp": "2024-12-05T13:50:47.626513Z"}, {"uuid": "9e16d380-164a-4ac1-82b9-045d471a5f5c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-20399", "type": "seen", "source": "https://bsky.app/profile/eyalestrin.bsky.social/post/3m5g7scsr3e2n", "content": "", "creation_timestamp": "2025-11-12T08:20:40.142749Z"}, {"uuid": "2fd813a7-746e-417d-84cc-905dbaa3a37b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-20399", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-02-23T02:10:55.000000Z"}, {"uuid": "8cd566d7-34d9-4d33-8990-d1371d4a6487", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-20397", "type": "seen", "source": "https://bsky.app/profile/aakl.bsky.social/post/3lmcveg3wgk22", "content": "", "creation_timestamp": "2025-04-08T16:27:40.389727Z"}, {"uuid": "82db4766-a8e3-46fb-98ea-bf392cb6a471", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-20399", "type": "seen", "source": "https://gist.github.com/Darkcrai86/64c3a9e2f3a85f4496079a7dbe1c09bd", "content": "", "creation_timestamp": "2025-11-07T08:08:08.000000Z"}, {"uuid": "be443ce4-bb07-4e72-9e7c-e36c89879ad9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-20399", "type": "exploited", "source": "https://t.me/itsec_news/4628", "content": "\u200b\u26a1\ufe0f0day \u0432 Cisco \u0440\u0430\u0441\u043a\u0440\u044b\u0432\u0430\u0435\u0442 \u043d\u0435\u043e\u0436\u0438\u0434\u0430\u043d\u043d\u044b\u0439 \u043c\u0430\u0441\u0448\u0442\u0430\u0431 \u043a\u0438\u0442\u0430\u0439\u0441\u043a\u0438\u0445 \u0445\u0430\u043a\u0435\u0440\u0441\u043a\u0438\u0445 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0439\n\n\ud83d\udcac\u0412 \u043d\u0430\u0447\u0430\u043b\u0435 2024 \u0433\u043e\u0434\u0430 \u043a\u0438\u0442\u0430\u0439\u0441\u043a\u0430\u044f \u0433\u0440\u0443\u043f\u043f\u0438\u0440\u043e\u0432\u043a\u0430 Velvet Ant \u0432\u043e\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0430\u0441\u044c \u043d\u0435\u0434\u0430\u0432\u043d\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0451\u043d\u043d\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c\u044e \u043d\u0443\u043b\u0435\u0432\u043e\u0433\u043e \u0434\u043d\u044f (Zero-Day) \u0432 \u043a\u043e\u043c\u043c\u0443\u0442\u0430\u0442\u043e\u0440\u0430\u0445 Cisco \u0434\u043b\u044f \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u044f \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044f \u043d\u0430\u0434 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430\u043c\u0438 \u0438 \u043e\u0431\u0445\u043e\u0434\u0430 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u044f \u0443\u0433\u0440\u043e\u0437.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2024-20399 (\u043e\u0446\u0435\u043d\u043a\u0430 CVSS 6.7) \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u043b\u0430 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u0432\u043d\u0435\u0434\u0440\u0438\u0442\u044c \u0443\u043d\u0438\u043a\u0430\u043b\u044c\u043d\u043e\u0435 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0435 \u041f\u041e \u0438 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043e\u0431\u0448\u0438\u0440\u043d\u044b\u0439 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044c \u043d\u0430\u0434 \u0437\u0430\u0440\u0430\u0436\u0451\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u043e\u0439, \u0447\u0442\u043e \u043e\u0431\u043b\u0435\u0433\u0447\u0438\u043b\u043e \u043a\u0430\u043a \u043a\u0440\u0430\u0436\u0443 \u0434\u0430\u043d\u043d\u044b\u0445, \u0442\u0430\u043a \u0438 \u0441\u043e\u0445\u0440\u0430\u043d\u0435\u043d\u0438\u0435 \u0434\u043e\u0441\u0442\u0443\u043f\u0430.\n\n\u041f\u043e \u0434\u0430\u043d\u043d\u044b\u043c Sygnia, Velvet Ant \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0430 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442 \u0434\u043b\u044f \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0445 \u043a\u043e\u043c\u0430\u043d\u0434 \u043d\u0430 Linux, \u0440\u0430\u0431\u043e\u0442\u0430\u044e\u0449\u0435\u0439 \u043f\u043e\u0434 \u043e\u0431\u043e\u043b\u043e\u0447\u043a\u043e\u0439 NX-OS. \u0414\u043b\u044f \u0443\u0441\u043f\u0435\u0448\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0432\u0435\u0434\u0435\u043d\u0438\u044f \u0430\u0442\u0430\u043a\u0438 \u043a\u0438\u0431\u0435\u0440\u043f\u0440\u0435\u0441\u0442\u0443\u043f\u043d\u0438\u043a\u0430\u043c \u0431\u044b\u043b\u0438 \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u044b \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0435 \u0443\u0447\u0435\u0442\u043d\u044b\u0435 \u0434\u0430\u043d\u043d\u044b\u0435 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430 \u0434\u043b\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u043a\u043e\u043d\u0441\u043e\u043b\u0438 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043a\u043e\u043c\u043c\u0443\u0442\u0430\u0442\u043e\u0440\u043e\u043c.\n\n\u0421\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0441\u0442\u044b Sygnia \u0432\u043f\u0435\u0440\u0432\u044b\u0435 \u043e\u0431\u0440\u0430\u0442\u0438\u043b\u0438 \u0432\u043d\u0438\u043c\u0430\u043d\u0438\u0435 \u043d\u0430 \u0433\u0440\u0443\u043f\u043f\u0443 Velvet Ant \u0432 \u0440\u0430\u043c\u043a\u0430\u0445 \u043c\u043d\u043e\u0433\u043e\u043b\u0435\u0442\u043d\u0435\u0439 \u043a\u0430\u043c\u043f\u0430\u043d\u0438\u0438, \u043d\u0430\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u043e\u0439 \u043f\u0440\u043e\u0442\u0438\u0432 \u043d\u0435\u043a\u043e\u0439 \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0438 \u0432 \u0412\u043e\u0441\u0442\u043e\u0447\u043d\u043e\u0439 \u0410\u0437\u0438\u0438. \u0412 \u0445\u043e\u0434\u0435 \u043a\u0430\u043c\u043f\u0430\u043d\u0438\u0438 Velvet Ant \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0430 \u0443\u0441\u0442\u0430\u0440\u0435\u0432\u0448\u0438\u0435 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430 F5 BIG-IP \u0434\u043b\u044f \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u044f \u0443\u0441\u0442\u043e\u0439\u0447\u0438\u0432\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0441\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0439 \u0441\u0440\u0435\u0434\u0435.\n\n\u041e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u0435 \u0441\u043a\u0440\u044b\u0442\u043e\u0439 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 CVE-2024-20399 \u043f\u0440\u043e\u0438\u0437\u043e\u0448\u043b\u043e \u0432 \u043d\u0430\u0447\u0430\u043b\u0435 \u0438\u044e\u043b\u044f, \u0447\u0442\u043e \u043f\u043e\u0431\u0443\u0434\u0438\u043b\u043e Cisco \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u0442\u044c \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0434\u043b\u044f \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u0434\u0430\u043d\u043d\u043e\u0439 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u044b. \u0413\u0440\u0443\u043f\u043f\u0430 Velvet Ant \u043f\u0440\u043e\u0434\u0435\u043c\u043e\u043d\u0441\u0442\u0440\u0438\u0440\u043e\u0432\u0430\u043b\u0430 \u0432\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u0442\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u043f\u043e\u0434\u0433\u043e\u0442\u043e\u0432\u043a\u0438 \u0438 \u0441\u043f\u043e\u0441\u043e\u0431\u043d\u043e\u0441\u0442\u044c \u0430\u0434\u0430\u043f\u0442\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0441\u0432\u043e\u0438 \u043c\u0435\u0442\u043e\u0434\u044b, \u043f\u0435\u0440\u0435\u0445\u043e\u0434\u044f \u043e\u0442 \u0437\u0430\u0440\u0430\u0436\u0435\u043d\u0438\u044f \u043d\u043e\u0432\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c Windows \u043a \u0443\u0441\u0442\u0430\u0440\u0435\u0432\u0448\u0438\u043c \u0441\u0435\u0440\u0432\u0435\u0440\u0430\u043c \u0438 \u0441\u0435\u0442\u0435\u0432\u044b\u043c \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430\u043c, \u0447\u0442\u043e \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0438\u0437\u0431\u0435\u0433\u0430\u0442\u044c \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u044f.\n\n\u041f\u043e \u043c\u043d\u0435\u043d\u0438\u044e \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0441\u0442\u043e\u0432 Sygnia, \u043f\u0435\u0440\u0435\u0445\u043e\u0434 \u043a \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044e \u0432\u043d\u0443\u0442\u0440\u0435\u043d\u043d\u0438\u0445 \u0441\u0435\u0442\u0435\u0432\u044b\u0445 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432 \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u043d\u043e\u0432\u043e\u0439 \u0442\u0430\u043a\u0442\u0438\u043a\u043e\u0439 \u043e\u0431\u0445\u043e\u0434\u0430 \u0441\u0438\u0441\u0442\u0435\u043c \u0437\u0430\u0449\u0438\u0442\u044b. \u041f\u043e\u0441\u043b\u0435\u0434\u043d\u044f\u044f \u0446\u0435\u043f\u043e\u0447\u043a\u0430 \u0430\u0442\u0430\u043a \u0432\u043a\u043b\u044e\u0447\u0430\u043b\u0430 \u0432\u0437\u043b\u043e\u043c \u043a\u043e\u043c\u043c\u0443\u0442\u0430\u0442\u043e\u0440\u0430 Cisco \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 CVE-2024-20399, \u043f\u0440\u043e\u0432\u0435\u0434\u0435\u043d\u0438\u0435 \u0440\u0430\u0437\u0432\u0435\u0434\u044b\u0432\u0430\u0442\u0435\u043b\u044c\u043d\u044b\u0445 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0439 \u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0433\u043e \u0441\u043a\u0440\u0438\u043f\u0442\u0430, \u0447\u0442\u043e \u0432 \u0438\u0442\u043e\u0433\u0435 \u043f\u0440\u0438\u0432\u0435\u043b\u043e \u043a \u0437\u0430\u043f\u0443\u0441\u043a\u0443 \u0431\u044d\u043a\u0434\u043e\u0440\u0430.\n\n\u0412\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u0430\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u0430, \u043f\u043e\u043b\u0443\u0447\u0438\u0432\u0448\u0430\u044f \u043d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 VELVETSHELL, \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 \u0441\u043e\u0431\u043e\u0439 \u043a\u043e\u043c\u0431\u0438\u043d\u0430\u0446\u0438\u044e \u0434\u0432\u0443\u0445 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u043e\u0432 \u0441 \u043e\u0442\u043a\u0440\u044b\u0442\u044b\u043c \u0438\u0441\u0445\u043e\u0434\u043d\u044b\u043c \u043a\u043e\u0434\u043e\u043c: Unix-\u0431\u044d\u043a\u0434\u043e\u0440\u0430 Tiny SHell \u0438 \u043f\u0440\u043e\u043a\u0441\u0438-\u0443\u0442\u0438\u043b\u0438\u0442\u044b 3proxy . \u0412\u0440\u0435\u0434\u043e\u043d\u043e\u0441 \u0441\u043a\u0440\u044b\u0432\u0430\u0435\u0442\u0441\u044f \u043d\u0430 \u0443\u0440\u043e\u0432\u043d\u0435 \u041e\u0421 \u0438 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0435 \u043a\u043e\u043c\u0430\u043d\u0434\u044b, \u0437\u0430\u0433\u0440\u0443\u0436\u0430\u0442\u044c \u0438 \u0432\u044b\u0433\u0440\u0443\u0436\u0430\u0442\u044c \u0444\u0430\u0439\u043b\u044b, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0443\u0441\u0442\u0430\u043d\u0430\u0432\u043b\u0438\u0432\u0430\u0442\u044c \u0442\u0443\u043d\u043d\u0435\u043b\u0438 \u0434\u043b\u044f \u043f\u0440\u043e\u043a\u0441\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u0442\u0440\u0430\u0444\u0438\u043a\u0430.\n\n\u0414\u0435\u0439\u0441\u0442\u0432\u0438\u044f \u00abVelvet Ant\u00bb \u043f\u043e\u0434\u0447\u0435\u0440\u043a\u0438\u0432\u0430\u044e\u0442 \u0432\u044b\u0441\u043e\u043a\u0443\u044e \u0441\u0442\u0435\u043f\u0435\u043d\u044c \u0440\u0438\u0441\u043a\u0430, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u043e\u0433\u043e \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u0441\u0442\u043e\u0440\u043e\u043d\u043d\u0435\u0433\u043e \u043e\u0431\u043e\u0440\u0443\u0434\u043e\u0432\u0430\u043d\u0438\u044f \u0438 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0439 \u0432 \u043a\u043e\u0440\u043f\u043e\u0440\u0430\u0442\u0438\u0432\u043d\u043e\u0439 \u0441\u0435\u0442\u0438. \u0417\u0430\u0447\u0430\u0441\u0442\u0443\u044e \u0442\u0430\u043a\u0438\u0435 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430 \u044f\u0432\u043b\u044f\u044e\u0442\u0441\u044f \u00ab\u0447\u0451\u0440\u043d\u044b\u043c \u044f\u0449\u0438\u043a\u043e\u043c\u00bb, \u043f\u043e\u0441\u043a\u043e\u043b\u044c\u043a\u0443 \u043e\u043d\u0438 \u0432 \u043e\u0441\u043d\u043e\u0432\u043d\u043e\u043c \u0441\u043a\u0440\u044b\u0442\u044b \u043e\u0442 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f, \u0447\u0442\u043e \u0434\u0435\u043b\u0430\u0435\u0442 \u0438\u0445 \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0439 \u043c\u0438\u0448\u0435\u043d\u044c\u044e \u0434\u043b\u044f \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u043e\u0432.\n\n\ud83d\udd14 ITsec NEWS", "creation_timestamp": "2024-08-23T20:45:35.000000Z"}, {"uuid": "8809068d-ae32-4abb-a9c3-17b6780abb89", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2024-20399", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/e9857037-65f8-46e8-ac1c-381fe38f8569", "content": "", "creation_timestamp": "2026-02-02T12:26:34.337198Z"}, {"uuid": "d825aef2-0824-4db8-bfca-89067c66888a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-20399", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/7840", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aPrivate exploit for Cisco Nexus giving RCE\nURL\uff1ahttps://github.com/Blootus/CVE-2024-20399-Cisco-RCE\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-07-03T03:45:22.000000Z"}, {"uuid": "24014851-b834-42f5-bac4-fce569d94d92", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-20399", "type": "seen", "source": "https://t.me/kasperskyb2b/1387", "content": "\ud83d\udd25 \u0412\u0430\u0436\u043d\u044b\u0435 \u043d\u043e\u0432\u043e\u0441\u0442\u0438 \u0418\u0411 \u0438 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u044f APT \u0437\u0430 \u043d\u0435\u0434\u0435\u043b\u044e\n\n\ud83d\udc7b \u041d\u043e\u0432\u044b\u0435 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0441\u0442\u0438 \u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0437\u0438\u0440\u043e\u0434\u0435\u0435\u0432 \u0432 Cisco NX: \u044d\u0442\u0438\u043c \u0437\u0430\u043d\u0438\u043c\u0430\u043b\u0430\u0441\u044c APT VelvetAnt, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u043e\u0432\u044b\u0448\u0430\u043b\u0430 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e CVE-2024-20399 \u0438 \u0440\u0430\u0437\u0432\u043e\u0440\u0430\u0447\u0438\u0432\u0430\u043b\u0430 \u043d\u0430 \u0441\u0432\u0438\u0447\u0430\u0445 \u0431\u044d\u043a\u0434\u043e\u0440 VelvetShell \u2014 \u0433\u0438\u0431\u0440\u0438\u0434, \u0438\u0437\u0433\u043e\u0442\u043e\u0432\u043b\u0435\u043d\u043d\u044b\u0439 \u0438\u0437 TinyShell \u0438 3proxy.\n\u042d\u0442\u043e\u0442 \u0434\u0435\u0444\u0435\u043a\u0442 Cisco \u0437\u0430\u043a\u0440\u044b\u043b\u0430 \u0432 \u0438\u044e\u043b\u0435. \u0410 \u0437\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u044e\u044e \u043d\u0435\u0434\u0435\u043b\u044e \u0443 Cisco \u0432\u044b\u0448\u043b\u043e 7 \u0431\u044e\u043b\u043b\u0435\u0442\u0435\u043d\u0435\u0439, \u0443\u0441\u0442\u0440\u0430\u043d\u044f\u044e\u0449\u0438\u0445 \u0434\u0435\u0444\u0435\u043a\u0442\u044b \u0432 ISE \u0438 UCM, \u0432\u043a\u043b\u044e\u0447\u0430\u044f \u0444\u0438\u043a\u0441\u044b \u0434\u043b\u044f BlastRADIUS \u0438 regreSSHion.\n\n\ud83d\udc6e\u200d\u2640\ufe0f \u0421\u043b\u0443\u0436\u0431\u0430\u043c \u0431\u043e\u0440\u044c\u0431\u044b \u0441 \u0431\u0430\u043d\u043a\u043e\u0432\u0441\u043a\u0438\u043c \u0444\u0440\u043e\u0434\u043e\u043c \u043f\u0440\u0438\u0433\u043e\u0442\u043e\u0432\u0438\u0442\u044c\u0441\u044f: \u0432 \u0427\u0435\u0445\u0438\u0438 \u043d\u0430\u043a\u0440\u044b\u043b\u0438 \u043f\u0440\u0435\u0441\u0442\u0443\u043f\u043d\u0438\u043a\u043e\u0432, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0432\u0448\u0438\u0445 \u043d\u043e\u0432\u0443\u044e \u0441\u0445\u0435\u043c\u0443 \u0441\u043d\u044f\u0442\u0438\u044f \u0441\u0440\u0435\u0434\u0441\u0442\u0432 \u0447\u0435\u0440\u0435\u0437 \u0431\u0430\u043d\u043a\u043e\u043c\u0430\u0442\u044b. \u0416\u0435\u0440\u0442\u0432 \u0437\u0430\u0440\u0430\u0436\u0430\u043b\u0438 \u0445\u0438\u0442\u0440\u044b\u043c \u0412\u041f\u041e Ngate \u0434\u043b\u044f Android, \u043a\u043e\u0442\u043e\u0440\u043e\u0435 \u043f\u043e\u0431\u0443\u0436\u0434\u0430\u043b\u043e \u043f\u0440\u0438\u043b\u043e\u0436\u0438\u0442\u044c \u0444\u0438\u0437\u0438\u0447\u0435\u0441\u043a\u0443\u044e \u0431\u0430\u043d\u043a\u043e\u0432\u0441\u043a\u0443\u044e \u043a\u0430\u0440\u0442\u0443 \u043a \u0441\u0447\u0438\u0442\u044b\u0432\u0430\u0442\u0435\u043b\u044e NFC \u043d\u0430 \u0442\u0435\u043b\u0435\u0444\u043e\u043d\u0435, \u0438 \u0432 \u0440\u0435\u0430\u043b\u044c\u043d\u043e\u043c \u0432\u0440\u0435\u043c\u0435\u043d\u0438 \u043f\u0440\u043e\u0432\u043e\u0434\u0438\u043b\u043e \u0430\u0442\u0430\u043a\u0443 \u0441 \u0440\u0435\u0442\u0440\u0430\u043d\u0441\u043b\u044f\u0446\u0438\u0435\u0439. \u0416\u0443\u043b\u0438\u043a\u0438 \u0441\u0442\u043e\u044f\u043b\u0438 \u043d\u0430\u0433\u043e\u0442\u043e\u0432\u0435 \u0443 \u0431\u0430\u043d\u043a\u043e\u043c\u0430\u0442\u0430, \u0447\u0442\u043e\u0431\u044b \u0440\u0435\u0442\u0440\u0430\u043d\u0441\u043b\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0435\u043c\u0443 \u0434\u0430\u043d\u043d\u044b\u0435 \u0441\u0447\u0438\u0442\u0430\u043d\u043d\u043e\u0439 \u043a\u0430\u0440\u0442\u044b.\n\n\ud83d\udd04 \u041d\u043e\u0432\u0430\u044f \u0442\u0430\u043a\u0442\u0438\u043a\u0430 \u0431\u0430\u043d\u0434\u044b ransomware Qlin: \u043a\u0440\u043e\u043c\u0435 \u043e\u0431\u044b\u0447\u043d\u043e\u0433\u043e \u0441\u043a\u0430\u0447\u0438\u0432\u0430\u043d\u0438\u044f \u0434\u0430\u043d\u043d\u044b\u0445, \u043e\u043d\u0438 \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u0432\u043e\u0440\u0443\u044e\u0442 \u043f\u0430\u0440\u043e\u043b\u0438 \u0438\u0437 Chrome \u0432 \u0441\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0439 \u0441\u0435\u0442\u0438. \u042d\u0442\u043e \u043f\u043e\u043c\u043e\u0433\u0430\u0435\u0442 \u0438\u043c \u043a\u0430\u043a \u0440\u0430\u0441\u0448\u0438\u0440\u044f\u0442\u044c \u043f\u0440\u0438\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u0435 \u0432 \u0441\u0435\u0442\u0438 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438, \u0442\u0430\u043a \u0438 \u0430\u0442\u0430\u043a\u043e\u0432\u0430\u0442\u044c \u0435\u0451 \u043a\u043e\u043d\u0442\u0440\u0430\u0433\u0435\u043d\u0442\u043e\u0432.\n\n\ud83d\uddff \u0410\u0442\u0430\u043a\u0443\u044e\u0449\u0430\u044f \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0435 \u0431\u0438\u0437\u043d\u0435\u0441\u044b \u0433\u0440\u0443\u043f\u043f\u0438\u0440\u043e\u0432\u043a\u0430 PhantomCore \u043e\u0431\u043d\u043e\u0432\u0438\u043b\u0430 \u0441\u0432\u043e\u0451 \u0412\u041f\u041e \u0438 \u0440\u0430\u0441\u0448\u0438\u0440\u0438\u043b\u0430 \u0441\u043f\u0435\u043a\u0442\u0440 \u0430\u0442\u0430\u043a\u0443\u0435\u043c\u044b\u0445 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0439.\n\n\u0421\u0443\u043f\u0435\u0440-\u0434\u0435\u0442\u0430\u043b\u044c\u043d\u044b\u0439 \u0440\u0430\u0437\u0431\u043e\u0440 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0439 \u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u044b \u043a\u0430\u043c\u043f\u0430\u043d\u0438\u0438 MoonPeak, \u043c\u043d\u043e\u0433\u043e IoC \u0438 \u0434\u0438\u0430\u0433\u0440\u0430\u043c\u043c. \u0412\u041f\u041e \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u0432\u0430\u0440\u0438\u0430\u0446\u0438\u0435\u0439 XenoRAT, \u0430 \u0441\u0430\u043c\u0443 \u0433\u0440\u0443\u043f\u043f\u0443 UAT-5394 \u043d\u0430\u0437\u044b\u0432\u0430\u044e\u0442 \u0441\u0435\u0432\u0435\u0440\u043e\u043a\u043e\u0440\u0435\u0439\u0441\u043a\u043e\u0439.\n\n\ud83d\udd04 \u041d\u043e\u0432\u043e\u0435 \u0412\u041f\u041e \u0434\u043b\u044f Linux, \u043d\u0430\u0437\u0432\u0430\u043d\u043d\u043e\u0435 sedexp, \u043f\u0440\u0438\u043c\u0435\u0447\u0430\u0442\u0435\u043b\u044c\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u0438\u043d\u043d\u043e\u0432\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0442\u0430\u043a\u0442\u0438\u043a\u0438 \u0437\u0430\u043a\u0440\u0435\u043f\u043b\u0435\u043d\u0438\u044f \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0435, \u043e\u0441\u043d\u043e\u0432\u0430\u043d\u043d\u043e\u0439 \u043d\u0430 \u043f\u0440\u0430\u0432\u0438\u043b\u0430\u0445 udev. \u042d\u0442\u043e\u0439 \u0442\u0430\u043a\u0442\u0438\u043a\u0438 \u043f\u043e\u043a\u0430 \u043d\u0435\u0442 \u0432 ATT&CK. \u0421\u0430\u043c\u043e \u0412\u041f\u041e \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u0441 2022 \u0433\u043e\u0434\u0430 \u0438 \u043f\u0440\u0435\u0438\u043c\u0443\u0449\u0435\u0441\u0442\u0432\u0435\u043d\u043d\u043e \u043f\u0440\u0438\u043c\u0435\u043d\u044f\u0435\u0442\u0441\u044f \u0434\u043b\u044f \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u044f \u043e\u0431\u0440\u0430\u0442\u043d\u044b\u0445 \u0448\u0435\u043b\u043b\u043e\u0432 \u043d\u0430 \u0437\u0430\u0440\u0430\u0436\u0435\u043d\u043d\u044b\u0445 \u0445\u043e\u0441\u0442\u0430\u0445.\n\n\u0421\u0435\u0440\u0432\u0435\u0440\u044b \u043d\u0430 \u0431\u0430\u0437\u0435 PostgreSQL \u0430\u0442\u0430\u043a\u0443\u0435\u0442 \u0412\u041f\u041e PG_MEM, \u043f\u043e\u0434\u0431\u0438\u0440\u0430\u0435\u0442 \u043f\u0430\u0440\u043e\u043b\u0438 \u043f\u0435\u0440\u0435\u0431\u043e\u0440\u043e\u043c \u0438 \u0432 \u0441\u043b\u0443\u0447\u0430\u0435 \u0443\u0434\u0430\u0447\u0438 \u043c\u0430\u0439\u043d\u0438\u0442 \u043a\u0440\u0438\u043f\u0442\u043e\u0432\u0430\u043b\u044e\u0442\u0443. \n\n\ud83d\udd0e \u041e\u0447\u0435\u0440\u0435\u0434\u043d\u043e\u0439 \u043c\u0430\u0441\u0441\u043e\u0432\u044b\u0439 \u0432\u0437\u043b\u043e\u043c \u043c\u0430\u0433\u0430\u0437\u0438\u043d\u043e\u0432 \u043d\u0430 \u0431\u0430\u0437\u0435 Magento/Adobe Commerce, \u0441\u043e\u0442\u043d\u0438 \u043c\u0430\u0433\u0430\u0437\u0438\u043d\u043e\u0432 \u0441\u043e\u0431\u0438\u0440\u0430\u044e\u0442 \u043f\u043b\u0430\u0442\u0451\u0436\u043d\u044b\u0435 \u0434\u0430\u043d\u043d\u044b\u0435 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u043f\u0440\u0438 \u043f\u043e\u043c\u043e\u0449\u0438 \u0432\u0435\u0431-\u0441\u043a\u0438\u043c\u043c\u0435\u0440\u0430. \u041a\u0430\u043a\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0440\u0438\u043c\u0435\u043d\u044f\u0435\u0442\u0441\u044f \u0434\u043b\u044f \u0437\u0430\u0440\u0430\u0436\u0435\u043d\u0438\u044f, \u043d\u0435\u0438\u0437\u0432\u0435\u0441\u0442\u043d\u043e.\n\n\u0410 \u0432\u0437\u043b\u043e\u043c\u0430\u043d\u043d\u044b\u0435 \u0441\u0430\u0439\u0442\u044b \u043d\u0430 Wordpress \u0440\u0430\u0441\u043f\u0440\u043e\u0441\u0442\u0440\u0430\u043d\u044f\u044e\u0442 \u0442\u0440\u043e\u044f\u043d ClearFake \u043f\u043e\u0434 \u0432\u0438\u0434\u043e\u043c \u00ab\u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0438 \u043a\u043e\u0440\u043d\u0435\u0432\u043e\u0433\u043e \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u0430 \u0434\u043b\u044f \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0431\u043b\u0435\u043c \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0435\u00bb. \u041a\u043e\u0440\u043d\u0435\u0432\u043e\u0439 \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442 \u043f\u0440\u0435\u0434\u043b\u0430\u0433\u0430\u0435\u0442\u0441\u044f \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u044c \u0432\u0440\u0443\u0447\u043d\u0443\u044e, \u0441\u043a\u043e\u043f\u0438\u0440\u043e\u0432\u0430\u0432 \u0438\u0437 \u043e\u043a\u043e\u0448\u043a\u0430 \u0441\u043a\u0440\u0438\u043f\u0442 \u0438 \u0432\u0441\u0442\u0430\u0432\u0438\u0432 \u0435\u0433\u043e \u0432 PowerShell \ud83d\ude02\n\n\ud83d\udd14 \u0412 \u0431\u043b\u0438\u0436\u0430\u0439\u0448\u0435\u0435 \u0432\u0440\u0435\u043c\u044f \u043f\u043e\u0434\u043e\u0431\u043d\u044b\u0445 \u0441\u0445\u0435\u043c \u043d\u0430 \u0431\u0430\u0437\u0435 Wordpress \u0441\u0442\u0430\u043d\u0435\u0442 \u0431\u043e\u043b\u044c\u0448\u0435, \u043f\u043e\u0441\u043a\u043e\u043b\u044c\u043a\u0443 \u0441\u0432\u0435\u0436\u0438\u0439 \u0434\u0435\u0444\u0435\u043a\u0442 \u043f\u043b\u0430\u0433\u0438\u043d\u0430 Litespeed Cache \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0442\u0440\u0438\u0432\u0438\u0430\u043b\u044c\u043d\u043e \u0437\u0430\u0445\u0432\u0430\u0442\u0438\u0442\u044c \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u0438\u0432\u043d\u044b\u0439 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044c \u043d\u0430\u0434 Wordpress-\u0441\u0430\u0439\u0442\u043e\u043c. \u041d\u0430 \u0441\u0435\u0433\u043e\u0434\u043d\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e \u043e\u043a\u043e\u043b\u043e 5 \u043c\u0438\u043b\u043b\u0438\u043e\u043d\u043e\u0432 \u0441\u0430\u0439\u0442\u043e\u0432.\n\n\u2620\ufe0f \u0423\u0433\u0440\u043e\u0436\u0430\u044e\u0449\u0435 \u043d\u0430\u0437\u0432\u0430\u043d\u043d\u044b\u0439 mac-\u0438\u043d\u0444\u043e\u0441\u0442\u0438\u043b\u0435\u0440 Cthulhu \u0440\u0430\u0441\u043f\u0440\u043e\u0441\u0442\u0440\u0430\u043d\u044f\u0435\u0442\u0441\u044f \u043f\u043e\u0434 \u0432\u0438\u0434\u043e\u043c \u043b\u0435\u0433\u0438\u0442\u0438\u043c\u043d\u043e\u0433\u043e \u041f\u041e \u0438 \u043d\u0430\u0446\u0435\u043b\u0435\u043d \u043d\u0430 \u043a\u0440\u0430\u0436\u0443 \u0432\u0441\u0435\u0433\u043e, \u0447\u0442\u043e \u043f\u043b\u043e\u0445\u043e \u043b\u0435\u0436\u0438\u0442 \u0441 \u0430\u043a\u0446\u0435\u043d\u0442\u043e\u043c \u043d\u0430 \u043a\u0440\u0438\u043f\u0442\u043e\u0432\u0430\u043b\u044e\u0442\u0443.\n\n\u041e\u0431\u0437\u043e\u0440 \u0442\u0430\u043a\u0442\u0438\u043a \u0438 \u043c\u043e\u0442\u0438\u0432\u0430\u0446\u0438\u0438 \u0441\u043e\u0432\u0440\u0435\u043c\u0435\u043d\u043d\u044b\u0445 \u0445\u0430\u043a\u0442\u0438\u0432\u0438\u0441\u0442\u043e\u0432.\n\n\ud83d\udcf1 \u041f\u0430\u0442\u0447-\u0434\u0440\u0430\u043c\u0430 Xiaomi: \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u044f \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u0440\u044f\u0434 \u043f\u0430\u0442\u0447\u0435\u0439, \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0442\u0430\u0440\u0433\u0435\u0442\u0438\u0440\u0443\u044f \u0446\u0435\u043f\u043e\u0447\u043a\u0443 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u043e\u0432, \u043f\u043b\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u0432\u0448\u0438\u0445\u0441\u044f \u043a \u0434\u0435\u043c\u043e\u043d\u0441\u0442\u0440\u0430\u0446\u0438\u0438 \u043d\u0430 Pwn2Own Toronto 2023,\u00a0 \u0432 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u0435 \u0441\u043b\u0443\u0447\u0430\u0439\u043d\u043e \u043e\u043a\u0438\u0440\u043f\u0438\u0447\u0438\u043b\u0430 \u043d\u0435\u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430, \u043e\u0442\u043a\u0430\u0437\u0430\u043b\u0430\u0441\u044c \u043d\u0430\u0437\u043d\u0430\u0447\u0430\u0442\u044c CVE, \u0437\u0430\u0442\u0435\u043c \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f, \u043e\u0442\u043a\u0430\u0442\u044b\u0432\u0430\u044e\u0449\u0438\u0435 \u043f\u0430\u0442\u0447\u0438 \u0438 \u0441\u043d\u043e\u0432\u0430 \u0434\u0435\u043b\u0430\u044e\u0449\u0438\u0435 \u0434\u0435\u0444\u0435\u043a\u0442\u044b \u043f\u0440\u0438\u0433\u043e\u0434\u043d\u044b\u043c\u0438 \u043a \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438. \n\u041c\u043e\u0440\u0430\u043b\u044c: \u0438\u0437\u0431\u0430\u0432\u043b\u044f\u044f\u0441\u044c \u043e\u0442 iPhone \u043f\u043e \u0441\u043e\u043e\u0431\u0440\u0430\u0436\u0435\u043d\u0438\u044f\u043c \u0418\u0411, \u0432\u044b\u0431\u0438\u0440\u0430\u0439\u0442\u0435 Android \u0437\u0434\u043e\u0440\u043e\u0432\u043e\u0433\u043e \u0447\u0435\u043b\u043e\u0432\u0435\u043a\u0430.\n\n#\u043d\u043e\u0432\u043e\u0441\u0442\u0438 #\u0434\u0430\u0439\u0434\u0436\u0435\u0441\u0442 #APT @\u041f2\u0422", "creation_timestamp": "2024-08-26T10:03:52.000000Z"}, {"uuid": "625be393-e0a0-405e-b4f6-1c7aa16906fd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-20397", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/10917", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-20397\n\ud83d\udd25 CVSS Score: 5.2 (cvssV3_1, Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N)\n\ud83d\udd39 Description: A vulnerability in the bootloader of Cisco NX-OS Software could allow an unauthenticated attacker with physical access to an affected device, or an authenticated, local attacker with administrative credentials, to bypass NX-OS image signature verification. \n\nThis vulnerability is due to insecure bootloader settings. An attacker could exploit this vulnerability by executing a series of bootloader commands. A successful exploit could allow the attacker to bypass NX-OS image signature verification and load unverified software.\n\ud83d\udccf Published: 2024-12-04T16:13:13.890Z\n\ud83d\udccf Modified: 2025-04-08T14:29:18.430Z\n\ud83d\udd17 References:\n1. https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-image-sig-bypas-pQDRQvjL", "creation_timestamp": "2025-04-08T14:47:07.000000Z"}, {"uuid": "89da0e8c-8c0b-488f-920a-a8c6597ba13b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-20399", "type": "seen", "source": "https://t.me/cyber_hsecurity/1615", "content": "\u0627\u0644\u0645\u0635\u062f\u0631 \u0648\u0627\u0644\u062a\u0641\u0627\u0635\u064a\u0644:\n- \u0644\u0645\u0632\u064a\u062f \u0645\u0646 \u0627\u0644\u0645\u0639\u0644\u0648\u0645\u0627\u062a \u062d\u0648\u0644 \u0627\u0644\u0625\u0635\u0644\u0627\u062d\u060c \u064a\u0645\u0643\u0646 \u0627\u0644\u0627\u0637\u0644\u0627\u0639 \u0639\u0644\u0649 [\u0627\u0644\u062a\u062d\u062f\u064a\u062b \u0641\u064a GitHub](https://github.com/discourse/discourse/commit/188cb58daa833839c54c266ce22db150a3f3a210).\n\nALSED404:\nGG CISCO\n\u0627\u0633\u062a\u063a\u0644\u062a \u0645\u062c\u0645\u0648\u0639\u0629 \u0627\u0644\u062a\u0647\u062f\u064a\u062f\u0627\u062a \u0627\u0644\u0645\u0631\u062a\u0628\u0637\u0629 \u0628\u0627\u0644\u0635\u064a\u0646\u060c Velvet Ant\u060c \u200b\u200b\u062b\u063a\u0631\u0629 \u0623\u0645\u0646\u064a\u0629 (CVE-2024-20399) \u0641\u064a \u0645\u0641\u0627\u062a\u064a\u062d Cisco \u0628\u0627\u0639\u062a\u0628\u0627\u0631\u0647\u0627 \u064a\u0648\u0645\u064b\u0627 \u0635\u0641\u0631\u064a\u064b\u0627 \u0644\u0644\u0633\u064a\u0637\u0631\u0629 \u0648\u0627\u0644\u062a\u0647\u0631\u0628 \u0645\u0646 \u0627\u0644\u0627\u0643\u062a\u0634\u0627\u0641.\n\u0627\u0642\u0631\u0623: https://thehackernews.com/2024/08/chinese-hackers-exploit-zero-day-cisco.html\n\nPayload:\nsite.tld/xyz/xyz/xyz/?path=../../../../../../../../../etc/passwd\n============================\n#ALSED404\n\n\u0643\u0634\u0641\u062a \u0634\u0631\u0643\u0629 \u062c\u0648\u062c\u0644 \u0639\u0646 \u0627\u0633\u062a\u063a\u0644\u0627\u0644 \u0646\u0634\u0637 \u0644\u062b\u063a\u0631\u0629 \u0623\u0645\u0646\u064a\u0629 \u062e\u0637\u064a\u0631\u0629 \u0641\u064a \u0645\u062a\u0635\u0641\u062d \u0643\u0631\u0648\u0645\u060c CVE-2024-7965\u060c \u0648\u0627\u0644\u062a\u064a \u062a\u0645 \u062a\u0635\u062d\u064a\u062d\u0647\u0627 \u0627\u0644\u0623\u0633\u0628\u0648\u0639 \u0627\u0644\u0645\u0627\u0636\u064a.\n\n\u0642\u062f \u064a\u0624\u062f\u064a \u0647\u0630\u0627 \u0627\u0644\u062e\u0644\u0644 \u0641\u064a \u0645\u062d\u0631\u0643 V8 \u0627\u0644\u062e\u0627\u0635 \u0628\u0645\u062a\u0635\u0641\u062d Chrome \u0625\u0644\u0649 \u062a\u0645\u0643\u064a\u0646 \u0627\u0644\u0647\u062c\u0645\u0627\u062a \u0639\u0646 \u0628\u0639\u062f.\n\u0644\u0645\u0639\u0631\u0641\u0629 \u0627\u0644\u0645\u0632\u064a\u062f: https://thehackernews.com/2024/08/google-warns-of-cve-2024-7965-chrome.html\n\u062a\u0623\u0643\u062f \u0645\u0646 \u062a\u062d\u062f\u064a\u062b \u0645\u062a\u0635\u0641\u062d\u0643 \u0625\u0644\u0649 \u0627\u0644\u0625\u0635\u062f\u0627\u0631 \u0627\u0644\u0623\u062d\u062f\u062b.\n\nThe Smart Shadow:\n\ud83c\udd98CVE -2024-41109\n\u062a\u0648\u0641\u0631 \u062d\u0632\u0645\u0629 Admin Classic Bundle \u0645\u0646 Pimcore \u0648\u0627\u062c\u0647\u0629 \u0645\u0633\u062a\u062e\u062f\u0645 \u062e\u0644\u0641\u064a\u0629 \u0644\u0628\u0631\u0646\u0627\u0645\u062c Pimcore. \u064a\u0624\u062f\u064a \u0627\u0644\u0627\u0646\u062a\u0642\u0627\u0644 \u0625\u0644\u0649 /admin/index/statistics \u0628\u0627\u0633\u062a\u062e\u062f\u0627\u0645 \u0645\u0633\u062a\u062e\u062f\u0645 Pimcore \u0645\u0633\u062c\u0644 \u0627\u0644\u062f\u062e\u0648\u0644 \u0625\u0644\u0649 \u0627\u0644\u0643\u0634\u0641 \u0639\u0646 \u0645\u0639\u0644\u0648\u0645\u0627\u062a \u062d\u0648\u0644 \u062a\u062b\u0628\u064a\u062a Pimcore \u0648\u0625\u0635\u062f\u0627\u0631 PHP \u0648\u0625\u0635\u062f\u0627\u0631 MYSQL \u0648\u0627\u0644\u062d\u0632\u0645 \u0627\u0644\u0645\u062b\u0628\u062a\u0629 \u0648\u062c\u0645\u064a\u0639 \u062c\u062f\u0627\u0648\u0644 \u0642\u0627\u0639\u062f\u0629 \u0627\u0644\u0628\u064a\u0627\u0646\u0627\u062a \u0648\u0639\u062f\u062f \u0635\u0641\u0648\u0641\u0647\u0627 \u0641\u064a \u0627\u0644\u0646\u0638\u0627\u0645. \u062a\u0645 \u0625\u0635\u0644\u0627\u062d \u0647\u0630\u0647 \u0627\u0644\u062b\u063a\u0631\u0629 \u0627\u0644\u0623\u0645\u0646\u064a\u0629 \u0641\u064a \u0627\u0644\u0625\u0635\u062f\u0627\u0631\u0627\u062a 1.5.2 \u06481.4.6 \u06481.3.10.\n\n\ud83c\udd98CVE -2024-4188\n\u0642\u062f \u062a\u0633\u0645\u062d \u062b\u063a\u0631\u0629 \u0627\u0644\u0646\u0642\u0644 \u063a\u064a\u0631 \u0627\u0644\u0645\u062d\u0645\u064a \u0644\u0628\u064a\u0627\u0646\u0627\u062a \u0627\u0644\u0627\u0639\u062a\u0645\u0627\u062f \u0641\u064a OpenText\u2122 Documentum\u2122 Server \u0628\u062d\u0634\u0648 \u0628\u064a\u0627\u0646\u0627\u062a \u0627\u0644\u0627\u0639\u062a\u0645\u0627\u062f. \u062a\u0624\u062b\u0631 \u0647\u0630\u0647 \u0627\u0644\u0645\u0634\u0643\u0644\u0629 \u0639\u0644\u0649 Documentum\u2122 Server: \u0645\u0646 16.7 \u0625\u0644\u0649 23.4.\n\n\ud83d\udea8CVE -2024-34149\n\u0641\u064a Bitcoin Core \u062d\u062a\u0649 27.0 \u0648Bitcoin Knots \u0642\u0628\u0644 25.1.knots20231115\u060c \u064a\u0641\u062a\u0642\u0631 tapscript \u0625\u0644\u0649 \u0641\u062d\u0635 \u062d\u062f \u062d\u062c\u0645 \u0627\u0644\u0633\u064a\u0627\u0633\u0629\u060c \u0648\u0647\u064a \u0645\u0634\u0643\u0644\u0629 \u0645\u062e\u062a\u0644\u0641\u0629 \u0639\u0646 CVE-2023-50428. \u0645\u0644\u0627\u062d\u0638\u0629: \u062a\u0639\u0627\u0631\u0636 \u0628\u0639\u0636 \u0627\u0644\u0623\u0637\u0631\u0627\u0641 \u0641\u062d\u0635 \u0627\u0644\u062d\u062f \u0627\u0644\u062c\u062f\u064a\u062f \u0647\u0630\u0627 (\u0639\u0644\u0649 \u0633\u0628\u064a\u0644 \u0627\u0644\u0645\u062b\u0627\u0644\u060c \u0644\u0623\u0646\u0647\u0645 \u064a\u062a\u0641\u0642\u0648\u0646 \u0645\u0639 \u0627\u0644\u0647\u062f\u0641 \u0644\u0643\u0646\u0647\u0645 \u064a\u062e\u062a\u0644\u0641\u0648\u0646 \u0645\u0639 \u0627\u0644\u0622\u0644\u064a\u0629 \u0627\u0644\u0641\u0646\u064a\u0629\u060c \u0623\u0648 \u0644\u0623\u0646 \u0644\u062f\u064a\u0647\u0645 \u0647\u062f\u0641\u064b\u0627 \u0645\u062e\u062a\u0644\u0641\u064b\u0627).\n\n\ud83d\udea8CVE -2024-6904\n\u062a\u0645 \u0627\u0644\u0639\u062b\u0648\u0631 \u0639\u0644\u0649 \u062b\u063a\u0631\u0629 \u062a\u0645 \u062a\u0635\u0646\u064a\u0641\u0647\u0627 \u0639\u0644\u0649 \u0623\u0646\u0647\u0627 \u062d\u0631\u062c\u0629 \u0641\u064a SourceCodester Record Management System 1.0. \u062a\u0624\u062b\u0631 \u0647\u0630\u0647 \u0627\u0644\u062b\u063a\u0631\u0629 \u0639\u0644\u0649 \u062c\u0632\u0621 \u063a\u064a\u0631 \u0645\u0639\u0631\u0648\u0641 \u0645\u0646 \u0627\u0644\u0645\u0644\u0641 sort2_user.php. \u064a\u0624\u062f\u064a \u0627\u0644\u062a\u0644\u0627\u0639\u0628 \u0628\u062a\u0623\u0647\u064a\u0644 \u0627\u0644\u0648\u0633\u064a\u0637\u0629 \u0625\u0644\u0649 \u062d\u0642\u0646 SQL. \u0645\u0646 \u0627\u0644\u0645\u0645\u0643\u0646 \u0628\u062f\u0621 \u0627\u0644\u0647\u062c\u0648\u0645 \u0639\u0646 \u0628\u0639\u062f. \u062a\u0645 \u0627\u0644\u0643\u0634\u0641 \u0639\u0646 \u0627\u0644\u062b\u063a\u0631\u0629 \u0644\u0644\u0639\u0627\u0645\u0629 \u0648\u064a\u0645\u0643\u0646 \u0627\u0633\u062a\u062e\u062f\u0627\u0645\u0647\u0627. \u062a\u0645 \u062a\u0639\u064a\u064a\u0646 \u0627\u0644\u0645\u0639\u0631\u0641 VDB-271929 \u0644\u0647\u0630\u0647 \u0627\u0644\u062b\u063a\u0631\u0629.\n\nALSED404:\n\u062a\u0633\u062a\u063a\u0644 \u0645\u062c\u0645\u0648\u0639\u0629 Mustang Panda APT \u0628\u0631\u0646\u0627\u0645\u062c VS Code \u0644\u0627\u0633\u062a\u0647\u062f\u0627\u0641 \u062d\u0643\u0648\u0645\u0627\u062a \u062c\u0646\u0648\u0628 \u0634\u0631\u0642 \u0622\u0633\u064a\u0627. \u0648\u064a\u0633\u0645\u062d \u0647\u0630\u0627 \u0644\u0644\u0645\u062a\u0633\u0644\u0644\u064a\u0646 \u0628\u062a\u0634\u063a\u064a\u0644 \u0627\u0644\u0623\u0648\u0627\u0645\u0631 \u0648\u0633\u0631\u0642\u0629 \u0627\u0644\u0628\u064a\u0627\u0646\u0627\u062a \u0648\u0646\u0634\u0631 \u0627\u0644\u0628\u0631\u0627\u0645\u062c \u0627\u0644\u0636\u0627\u0631\u0629 \u0639\u0628\u0631 \u0648\u0627\u062c\u0647\u0629 VS Code \u0627\u0644\u0639\u0643\u0633\u064a\u0629.\n\u0627\u0642\u0631\u0623 \u0627\u0644\u062a\u0641\u0627\u0635\u064a\u0644: https://thehackernews.com/2024/09/chinese-hackers-exploit-visual-studio.html\n\u0642\u0645 \u0628\u062a\u0639\u0632\u064a\u0632 \u0627\u0644\u062f\u0641\u0627\u0639\u0627\u062a \u0627\u0644\u0622\u0646 - \u0631\u0627\u0642\u0628 \u0647\u0630\u0647 \u0627\u0644\u062a\u0643\u062a\u064a\u0643\u0627\u062a!\n\nThe Smart Shadow:\n\ud83d\udea8CVE -2024-6904\n\u062a\u0645 \u0627\u0644\u0639\u062b\u0648\u0631 \u0639\u0644\u0649 \u062b\u063a\u0631\u0629 \u062a\u0645 \u062a\u0635\u0646\u064a\u0641\u0647\u0627 \u0639\u0644\u0649 \u0623\u0646\u0647\u0627 \u062d\u0631\u062c\u0629 \u0641\u064a SourceCodester Record Management System 1.0. \u062a\u0624\u062b\u0631 \u0647\u0630\u0647 \u0627\u0644\u062b\u063a\u0631\u0629 \u0639\u0644\u0649 \u062c\u0632\u0621 \u063a\u064a\u0631 \u0645\u0639\u0631\u0648\u0641 \u0645\u0646 \u0627\u0644\u0645\u0644\u0641 sort2_user.php. \u064a\u0624\u062f\u064a \u0627\u0644\u062a\u0644\u0627\u0639\u0628 \u0628\u062a\u0623\u0647\u064a\u0644 \u0627\u0644\u0648\u0633\u064a\u0637\u0629 \u0625\u0644\u0649 \u062d\u0642\u0646 SQL. \u0645\u0646 \u0627\u0644\u0645\u0645\u0643\u0646 \u0628\u062f\u0621 \u0627\u0644\u0647\u062c\u0648\u0645 \u0639\u0646 \u0628\u0639\u062f. \u062a\u0645 \u0627\u0644\u0643\u0634\u0641 \u0639\u0646 \u0627\u0644\u062b\u063a\u0631\u0629 \u0644\u0644\u0639\u0627\u0645\u0629 \u0648\u064a\u0645\u0643\u0646 \u0627\u0633\u062a\u062e\u062f\u0627\u0645\u0647\u0627. \u062a\u0645 \u062a\u0639\u064a\u064a\u0646 \u0627\u0644\u0645\u0639\u0631\u0641 VDB-271929 \u0644\u0647\u0630\u0647 \u0627\u0644\u062b\u063a\u0631\u0629.\n\n\u062a\u0640\u0640\u0634\u0640\u0640\u0627\u0631\u0648\u0646\u1d9c\u02b0\u1d43\u02b3\u1d52\u207f\ud81a\udd54\u0f04:\n- CVE-2024-46049 - Tenda O6 V3.0 firmware V1.0.0.7(2054) contains a stack overflow vulnerability in the formexeCommand function.\n\n- CVE-2024-46049 - \u064a\u062d\u062a\u0648\u064a \u0627\u0644\u0628\u0631\u0646\u0627\u0645\u062c \u0627\u0644\u062b\u0627\u0628\u062a Tenda O6 V3.0 V1.0.0.7(2054) \u0639\u0644\u0649 \u062b\u063a\u0631\u0629 \u062a\u062c\u0627\u0648\u0632 \u0633\u0639\u0629 \u0627\u0644\u0645\u0643\u062f\u0633 \u0641\u064a \u0648\u0638\u064a\u0641\u0629 formexeCommand.\n\nALSED404:\nCVE-2023-26324: \u062b\u063a\u0631\u0629 \u062a\u0646\u0641\u064a\u0630 \u0643\u0648\u062f \u0641\u064a \u062a\u0637\u0628\u064a\u0642 XiaomiGetApps\n\u0645\u0627 \u0647\u064a \u0647\u0630\u0647 \u0627\u0644\u062b\u063a\u0631\u0629\u061f\n\u0647\u064a \u062b\u063a\u0631\u0629 \u0623\u0645\u0646\u064a\u0629 \u062e\u0637\u064a\u0631\u0629 \u062a\u0645 \u0627\u0643\u062a\u0634\u0627\u0641\u0647\u0627 \u0641\u064a \u062a\u0637\u0628\u064a\u0642 XiaomiGetApps\u060c \u0648\u0647\u0648 \u0627\u0644\u062a\u0637\u0628\u064a\u0642 \u0627\u0644\u0631\u0633\u0645\u064a \u0644\u062a\u062d\u0645\u064a\u0644 \u0627\u0644\u062a\u0637\u0628\u064a\u0642\u0627\u062a \u0639\u0644\u0649 \u0647\u0648\u0627\u062a\u0641 \u0634\u0627\u0648\u0645\u064a. \u0647\u0630\u0647 \u0627\u0644\u062b\u063a\u0631\u0629 \u062a\u0633\u0645\u062d \u0644\u0644\u0645\u0647\u0627\u062c\u0645\u064a\u0646 \u0628\u062a\u0646\u0641\u064a\u0630 \u0623\u064a \u0643\u0648\u062f \u062e\u0628\u064a\u062b \u0639\u0644\u0649 \u062c\u0647\u0627\u0632 \u0627\u0644\u0636\u062d\u064a\u0629\u060c \u0645\u0645\u0627 \u064a\u0639\u0637\u064a\u0647\u0645 \u0633\u064a\u0637\u0631\u0629 \u0643\u0627\u0645\u0644\u0629 \u0639\u0644\u064a\u0647.\n\u0643\u064a\u0641 \u062a\u0639\u0645\u0644 \u0647\u0630\u0647 \u0627\u0644\u062b\u063a\u0631\u0629\u061f\n\u062a\u062d\u062f\u062b \u0647\u0630\u0647 \u0627\u0644\u062b\u063a\u0631\u0629 \u0628\u0633\u0628\u0628 \u0648\u062c\u0648\u062f \u062e\u0644\u0644 \u0641\u064a \u0622\u0644\u064a\u0629 \u0627\u0644\u062a\u062d\u0642\u0642 \u0645\u0646 \u0635\u062d\u0629 \u0627\u0644\u062a\u0637\u0628\u064a\u0642\u0627\u062a \u0627\u0644\u062a\u064a \u064a\u062a\u0645 \u062a\u062d\u0645\u064a\u0644\u0647\u0627 \u0645\u0646 \u062e\u0644\u0627\u0644 \u0627\u0644\u062a\u0637\u0628\u064a\u0642. \u0647\u0630\u0627 \u0627\u0644\u062e\u0644\u0644 \u064a\u0633\u0645\u062d \u0644\u0644\u0645\u0647\u0627\u062c\u0645\u064a\u0646 \u0628\u062a\u0636\u0645\u064a\u0646 \u0643\u0648\u062f \u0636\u0627\u0631 \u062f\u0627\u062e\u0644 \u062d\u0632\u0645\u0629 \u0627\u0644\u062a\u0637\u0628\u064a\u0642\u060c \u0648\u0639\u0646\u062f\u0645\u0627 \u064a\u0642\u0648\u0645 \u0627\u0644\u0645\u0633\u062a\u062e\u062f\u0645 \u0628\u062a\u062b\u0628\u064a\u062a \u0627\u0644\u062a\u0637\u0628\u064a\u0642\u060c \u064a\u062a\u0645 \u062a\u0646\u0641\u064a\u0630 \u0647\u0630\u0627 \u0627\u0644\u0643\u0648\u062f \u0627\u0644\u0636\u0627\u0631.\n\u0645\u0627 \u0647\u064a \u0627\u0644\u0645\u062e\u0627\u0637\u0631 \u0627\u0644\u0646\u0627\u062a\u062c\u0629 \u0639\u0646 \u0647\u0630\u0647 \u0627\u0644\u062b\u063a\u0631\u0629\u061f\n * \u0627\u0644\u0648\u0635\u0648\u0644 \u0625\u0644\u0649 \u0627\u0644\u0628\u064a\u0627\u0646\u0627\u062a \u0627\u0644\u062d\u0633\u0627\u0633\u0629: \u064a\u0645\u0643\u0646 \u0644\u0644\u0645\u0647\u0627\u062c\u0645\u064a\u0646 \u0627\u0644\u0648\u0635\u0648\u0644 \u0625\u0644\u0649 \u062c\u0645\u064a\u0639 \u0627\u0644\u0628\u064a\u0627\u0646\u0627\u062a \u0627\u0644\u0645\u0648\u062c\u0648\u062f\u0629 \u0639\u0644\u0649 \u0627\u0644\u062c\u0647\u0627\u0632\u060c \u0645\u062b\u0644 \u0627\u0644\u0635\u0648\u0631 \u0648\u0627\u0644\u0631\u0633\u0627\u0626\u0644 \u0648\u0627\u0644\u0645\u0639\u0644\u0648\u0645\u0627\u062a \u0627\u0644\u0634\u062e\u0635\u064a\u0629.\n * \u0627\u0644\u062a\u062d\u0643\u0645 \u0627\u0644\u0643\u0627\u0645\u0644 \u0641\u064a \u0627\u0644\u062c\u0647\u0627\u0632: \u064a\u0645\u0643\u0646 \u0644\u0644\u0645\u0647\u0627\u062c\u0645\u064a\u0646 \u0627\u0644\u062a\u062d\u0643\u0645 \u0641\u064a \u0627\u0644\u062c\u0647\u0627\u0632 \u0639\u0646 \u0628\u0639\u062f\u060c \u0648\u062a\u062b\u0628\u064a\u062a \u062a\u0637\u0628\u064a\u0642\u0627\u062a \u0623\u062e\u0631\u0649\u060c \u0648\u062a\u063a\u064a\u064a\u0631 \u0627\u0644\u0625\u0639\u062f\u0627\u062f\u0627\u062a\u060c \u0648\u062d\u062a\u0649 \u062d\u0630\u0641 \u0627\u0644\u0628\u064a\u0627\u0646\u0627\u062a.", "creation_timestamp": "2024-12-13T19:00:23.000000Z"}, {"uuid": "aefc2ce0-dc2e-4851-ace1-e58a76c2cbe7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-20397", "type": "seen", "source": "https://t.me/cvedetector/12019", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-20397 - A vulnerability in the bootloader of Cisco NX-OS S\", \n  \"Content\": \"CVE ID : CVE-2024-20397 \nPublished : Dec. 4, 2024, 5:15 p.m. | 38\u00a0minutes ago \nDescription : A vulnerability in the bootloader of Cisco NX-OS Software could allow an unauthenticated attacker with physical access to an affected device, or an authenticated, local attacker with administrative credentials, to bypass NX-OS image signature verification.  \n  \nThis vulnerability is due to insecure bootloader settings. An attacker could exploit this vulnerability by executing a series of bootloader commands. A successful exploit could allow the attacker to bypass NX-OS image signature verification and load unverified software. \nSeverity: 5.2 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"04 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-04T19:16:28.000000Z"}, {"uuid": "48dae054-9047-4dd7-831d-aaa4e46f5c3b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-20390", "type": "seen", "source": "https://t.me/cvedetector/5406", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-20390 - Cisco IOS XR Dedicated XML Agent XML Denial of Service Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-20390 \nPublished : Sept. 11, 2024, 5:15 p.m. | 16\u00a0minutes ago \nDescription : A vulnerability in the Dedicated XML Agent feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) on XML TCP listen port 38751.  \n  \nThis vulnerability is due to a lack of proper error validation of ingress XML packets. An attacker could exploit this vulnerability by sending a sustained, crafted stream of XML traffic to a targeted device. A successful exploit could allow the attacker to cause XML TCP port 38751 to become unreachable while the attack traffic persists. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-11T19:32:55.000000Z"}, {"uuid": "69e4c0bc-1567-4677-8bdd-1015e7ca0453", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-20399", "type": "seen", "source": "https://t.me/CyberBulletin/464", "content": "\u26a1\ufe0fChina-Nexus Group Velvet Ant Exploits Cisco Zero-Day (CVE-2024-20399).\n\n#CyberBulletin", "creation_timestamp": "2024-08-26T09:47:17.000000Z"}, {"uuid": "c39515e8-bf65-49e5-bda5-41107a4a240a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-20399", "type": "exploited", "source": "Telegram/dy0HcB0JbMhr9TSnt2JGGTVQNQJQOp-PZb86NVh8ojAx7g", "content": "", "creation_timestamp": "2024-07-02T08:20:43.000000Z"}, {"uuid": "7b4a4957-3e03-4969-a4e3-29998739f514", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-20395", "type": "seen", "source": "https://t.me/cvedetector/1108", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-20395 - Cisco Webex App Unauthenticated Session Token Capture Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-20395 \nPublished : July 17, 2024, 5:15 p.m. | 36\u00a0minutes ago \nDescription : A vulnerability in the media retrieval functionality of Cisco Webex App could allow an unauthenticated, adjacent attacker to gain access to sensitive session information.  \n  \n This vulnerability is due to insecure transmission of requests to backend services when the app accesses embedded media, such as images. An attacker could exploit this vulnerability by sending a message with embedded media that is stored on a messaging server to a targeted user. If the attacker can observe transmitted traffic in a privileged network position, a successful exploit could allow the attacker to capture session token information from insecurely transmitted requests and possibly reuse the captured session information to take further actions as the targeted user. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"17 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-17T19:53:52.000000Z"}, {"uuid": "90ecae08-4fbb-4280-8f02-dd3a1ac51d19", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-20396", "type": "seen", "source": "https://t.me/cvedetector/1105", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-20396 - \"Cisco Webex App File Protocol Handler Information Disclosure Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-20396 \nPublished : July 17, 2024, 5:15 p.m. | 36\u00a0minutes ago \nDescription : A vulnerability in the protocol handlers of Cisco Webex App could allow an unauthenticated, remote attacker to gain access to sensitive information.  \n  \n This vulnerability exists because the affected application does not safely handle file protocol handlers. An attacker could exploit this vulnerability by persuading a user to follow a link that is designed to cause the application to send requests. If the attacker can observe transmitted traffic in a privileged network position, a successful exploit could allow the attacker to capture sensitive information, including credential information, from the requests. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"17 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-17T19:53:49.000000Z"}, {"uuid": "1f0eaf33-6eea-4100-9010-f42c945bb355", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-20399", "type": "published-proof-of-concept", "source": "https://t.me/HackingInsights/11351", "content": "\u200aChina-Nexus Group Velvet Ant Exploits Cisco Zero-Day (CVE-2024-20399)\n\nhttps://securityonline.info/china-nexus-group-velvet-ant-exploits-cisco-zero-day-cve-2024-20399/", "creation_timestamp": "2024-08-26T16:57:49.000000Z"}, {"uuid": "454f4e7d-5d78-459a-8b1e-917d2cc99ef4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-20399", "type": "exploited", "source": "https://t.me/HackingInsights/4447", "content": "\u200aCVE-2024-20399: Cisco NX-OS Zero-Day Vulnerability Under Active Attack\n\nhttps://securityonline.info/cve-2024-20399-cisco-nx-os-zero-day-vulnerability-under-active-attack/", "creation_timestamp": "2024-07-02T11:12:41.000000Z"}, {"uuid": "5d614df1-207e-4b7e-b267-4ccc583f5638", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-20399", "type": "exploited", "source": "Telegram/CDKyvsslfR2OMsy9DgATHABylpYyQjrFRT8jFpTtc9vHkb5G", "content": "", "creation_timestamp": "2024-08-22T18:27:12.000000Z"}, {"uuid": "f7384c3f-5771-4a3f-ac0a-1700755d0992", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-20399", "type": "exploited", "source": "https://t.me/tengkorakcybercrewz/18499", "content": "The Hacker News\nChinese Hackers Exploit Zero-Day Cisco Switch Flaw to Gain System Control\n\nDetails have emerged about a China-nexus threat group's exploitation of a recently disclosed, now-patched security flaw in Cisco switches as a zero-day to seize control of the appliance and evade detection.\nThe activity, attributed to Velvet Ant, was observed early this year and involved the weaponization of CVE-2024-20399 (CVSS score: 6.0) to deliver bespoke malware and gain extensive control", "creation_timestamp": "2024-08-22T22:12:22.000000Z"}, {"uuid": "85ee3cbf-651d-47d8-864c-6eaa66363b4f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-20399", "type": "seen", "source": "https://t.me/tengkorakcybercrewz/13819", "content": "The Hacker News\nChinese Hackers Exploiting Cisco Switches Zero-Day to Deliver Malware\n\nA China-nexus cyber espionage group named Velvet Ant has been observed exploiting a zero-day flaw in Cisco NX-OS Software used in its switches to deliver malware.\nThe vulnerability, tracked as CVE-2024-20399 (CVSS score: 6.0), concerns a case of command injection that allows an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected", "creation_timestamp": "2024-07-02T08:20:45.000000Z"}, {"uuid": "f491cc5d-50dc-42cf-aab7-dbb8330b9be6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-20399", "type": "exploited", "source": "Telegram/G_sHLLKdYcNkkP59y-JA2Ng09SelwSmj1QKzw8ch9Qaiwg", "content": "", "creation_timestamp": "2024-07-02T09:37:03.000000Z"}, {"uuid": "26dab93c-42ce-44cb-9c38-4151d6688d4d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-2039", "type": "seen", "source": "https://t.me/arpsyndicate/4437", "content": "#ExploitObserverAlert\n\nCVE-2024-2039\n\nDESCRIPTION: Exploit Observer has 4 entries in 1 file formats related to CVE-2024-2039. The Stackable \u2013 Page Builder Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post(v2) block title tag in all versions up to, and including, 3.12.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.\n\nFIRST-EPSS: 0.000430000", "creation_timestamp": "2024-04-11T05:06:11.000000Z"}, {"uuid": "6d597fbf-f18e-4359-a0a5-049c542d4b5f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-20399", "type": "exploited", "source": "Telegram/0TabUqzwVxFodSM3eSuTJegxOvozsh42UYfjsAQmBVOPLQ", "content": "", "creation_timestamp": "2024-08-22T22:55:57.000000Z"}, {"uuid": "6e82a406-160f-47cc-ae0f-1aa70d15bf1f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-20399", "type": "exploited", "source": "https://t.me/tengkorakcybercrewz/2713", "content": "The Hacker News\nChinese Hackers Exploiting Cisco Switches Zero-Day to Deliver Malware\n\nA China-nexus cyber espionage group named Velvet Ant has been observed exploiting a zero-day flaw in Cisco NX-OS Software used in its switches to deliver malware.\nThe vulnerability, tracked as CVE-2024-20399 (CVSS score: 6.0), concerns a case of command injection that allows an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected", "creation_timestamp": "2024-07-02T08:20:45.000000Z"}, {"uuid": "210deb6d-a49d-4e76-8d20-4f9834806195", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-20399", "type": "exploited", "source": "https://t.me/tengkorakcybercrewz/3697", "content": "The Hacker News\nChinese Hackers Exploit Zero-Day Cisco Switch Flaw to Gain System Control\n\nDetails have emerged about a China-nexus threat group's exploitation of a recently disclosed, now-patched security flaw in Cisco switches as a zero-day to seize control of the appliance and evade detection.\nThe activity, attributed to Velvet Ant, was observed early this year and involved the weaponization of CVE-2024-20399 (CVSS score: 6.0) to deliver bespoke malware and gain extensive control", "creation_timestamp": "2024-08-22T22:12:22.000000Z"}, {"uuid": "0c5eb237-07c7-4b4c-9e62-e267864556e1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-20399", "type": "exploited", "source": "https://t.me/KomunitiSiber/2447", "content": "Chinese Hackers Exploit Zero-Day Cisco Switch Flaw to Gain System Control\nhttps://thehackernews.com/2024/08/chinese-hackers-exploit-zero-day-cisco.html\n\nDetails have emerged about a China-nexus threat group's exploitation of a recently disclosed, now-patched security flaw in Cisco switches as a zero-day to seize control of the appliance and evade detection.\nThe activity, attributed to Velvet Ant, was observed early this year and involved the weaponization of CVE-2024-20399 (CVSS score: 6.0) to deliver bespoke malware and gain extensive control", "creation_timestamp": "2024-08-22T19:51:26.000000Z"}, {"uuid": "72676d3a-b2e2-4bd3-8a49-63fed87fbed1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-20399", "type": "exploited", "source": "https://t.me/InfoSecInsider/23530", "content": "\u26a1\ufe0fChina-Nexus Group Velvet Ant Exploits Cisco Zero-Day (CVE-2024-20399).\n\n#CyberBulletin", "creation_timestamp": "2024-08-26T09:47:20.000000Z"}, {"uuid": "023c373a-ef2d-4e70-a91a-1ff34ff7f977", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-20399", "type": "exploited", "source": "https://t.me/KomunitiSiber/2193", "content": "Chinese Hackers Exploiting Cisco Switches Zero-Day to Deliver Malware\nhttps://thehackernews.com/2024/07/chinese-hackers-exploiting-cisco.html\n\nA China-nexus cyber espionage group named Velvet Ant has been observed exploiting a zero-day flaw in Cisco NX-OS Software used in its switches to deliver malware.\nThe vulnerability, tracked as CVE-2024-20399 (CVSS score: 6.0), concerns a case of command injection that allows an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected", "creation_timestamp": "2024-07-02T08:35:44.000000Z"}, {"uuid": "900c9383-48ed-4aa1-9613-d0666d02d9fa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-20399", "type": "seen", "source": "https://t.me/true_secator/5922", "content": "Cisco \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0436\u0434\u0430\u0435\u0442 \u043e\u0431 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0438 0-day \u0432 NX-OS, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u0437\u0430\u0434\u0435\u0439\u0441\u0442\u0432\u043e\u0432\u0430\u043b\u0430\u0441\u044c \u0432 \u0430\u043f\u0440\u0435\u043b\u0435 \u0434\u043b\u044f \u0440\u0430\u0437\u0432\u0435\u0440\u0442\u044b\u0432\u0430\u043d\u0438\u044f \u0440\u0430\u043d\u0435\u0435 \u043d\u0435\u0438\u0437\u0432\u0435\u0441\u0442\u043d\u043e\u0433\u043e \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0433\u043e \u041f\u041e \u0441 \u043f\u0440\u0430\u0432\u0430\u043c\u0438 root \u043d\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0435 \u043a\u043e\u043c\u043c\u0443\u0442\u0430\u0442\u043e\u0440\u044b.\n\n\u041e\u0448\u0438\u0431\u043a\u0430 \u0431\u044b\u043b\u0430 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c\u0438 Sygnia \u0432 \u0440\u0430\u043c\u043a\u0430\u0445 \u0431\u043e\u043b\u0435\u0435 \u043c\u0430\u0441\u0448\u0442\u0430\u0431\u043d\u043e\u0433\u043e \u0440\u0430\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u044f \u0434\u0435\u044f\u0442\u0435\u043b\u044c\u043d\u043e\u0441\u0442\u0438 \u043a\u0438\u0442\u0430\u0439\u0441\u043a\u043e\u0439 APT, \u043e\u0442\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u043c\u043e\u0439 \u043a\u0430\u043a Velvet Ant.\n\n\u041f\u043e \u0434\u0430\u043d\u043d\u044b\u043c \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439, Velvet Ant \u043d\u0430 \u043f\u0440\u043e\u0442\u044f\u0436\u0435\u043d\u0438\u0438 \u043c\u043d\u043e\u0433\u0438\u0445 \u043b\u0435\u0442 \u043f\u043e\u043b\u0443\u0447\u0430\u043b\u0430 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0441\u0435\u0442\u0438 \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0438, \u0432\u0437\u043b\u0430\u043c\u044b\u0432\u0430\u044f\u00a0\u0443\u0441\u0442\u0430\u0440\u0435\u0432\u0448\u0438\u0435 F5 BIG-IP, \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u0435 \u0447\u0435\u0440\u0435\u0437 \u0418\u043d\u0442\u0435\u0440\u043d\u0435\u0442,\u00a0\u0438 \u0440\u0430\u0437\u0432\u0435\u0440\u0442\u044b\u0432\u0430\u044f \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u043e\u0432 \u0434\u043b\u044f \u0440\u0435\u0442\u0440\u0430\u043d\u0441\u043b\u044f\u0446\u0438\u0438 \u043a\u043e\u043c\u0430\u043d\u0434\u043d\u043e-\u0434\u0438\u0441\u043f\u0435\u0442\u0447\u0435\u0440\u0441\u043a\u0438\u0445 \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u0439 \u04212.\n\n\u041f\u0440\u0438 \u044d\u0442\u043e\u043c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c Cisco NX-OS \u0434\u043b\u044f \u0437\u0430\u043f\u0443\u0441\u043a\u0430 \u0440\u0430\u043d\u0435\u0435 \u043d\u0435\u0438\u0437\u0432\u0435\u0441\u0442\u043d\u043e\u0433\u043e \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0433\u043e \u041f\u041e \u043d\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0445 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430\u0445, \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u044f \u043a \u043d\u0438\u043c, \u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0438 \u0434\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0445 \u0444\u0430\u0439\u043b\u043e\u0432 \u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u0434\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0433\u043e \u043a\u043e\u0434\u0430.\n\nCVE-2024-20399 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u044b\u043c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u0441 \u043f\u0440\u0430\u0432\u0430\u043c\u0438 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0435 \u043a\u043e\u043c\u0430\u043d\u0434\u044b \u0441 \u043f\u0440\u0430\u0432\u0430\u043c\u0438 root \u043d\u0430 \u0431\u0430\u0437\u043e\u0432\u044b\u0445 \u041e\u0421 \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0445 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432.\n\n\u041e\u0448\u0438\u0431\u043a\u0430 \u043e\u0431\u0443\u0441\u043b\u043e\u0432\u043b\u0435\u043d\u0430 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u043e\u0439 \u0430\u0440\u0433\u0443\u043c\u0435\u043d\u0442\u043e\u0432, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043f\u0435\u0440\u0435\u0434\u0430\u044e\u0442\u0441\u044f \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u043d\u044b\u043c \u043a\u043e\u043c\u0430\u043d\u0434\u0430\u043c CLI \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438. \u0415\u0439  \u043c\u043e\u0436\u043d\u043e \u0432\u043e\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c\u0441\u044f, \u0432\u043a\u043b\u044e\u0447\u0438\u0432 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u044b\u0435 \u0432\u0445\u043e\u0434\u043d\u044b\u0435 \u0434\u0430\u043d\u043d\u044b\u0435 \u0432 \u043a\u0430\u0447\u0435\u0441\u0442\u0432\u0435 \u0430\u0440\u0433\u0443\u043c\u0435\u043d\u0442\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0439 \u043a\u043e\u043c\u0430\u043d\u0434\u044b CLI \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438.\n\n\u0421\u043f\u0438\u0441\u043e\u043a \u0437\u0430\u0442\u0440\u043e\u043d\u0443\u0442\u044b\u0445 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432 \u0432\u043a\u043b\u044e\u0447\u0430\u0435\u0442 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u043a\u043e\u043c\u043c\u0443\u0442\u0430\u0442\u043e\u0440\u043e\u0432, \u0440\u0430\u0431\u043e\u0442\u0430\u044e\u0449\u0438\u0445 \u043f\u043e\u0434 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435\u043c \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0433\u043e NX-OS: MDS 9000, Nexus 3000, Nexus 5500, Nexus 5600, Nexus 6000, Nexus 7000, \u0430 \u0442\u0430\u043a\u0436\u0435 Nexus 9000 \u0432 \u0430\u0432\u0442\u043e\u043d\u043e\u043c\u043d\u043e\u043c \u0440\u0435\u0436\u0438\u043c\u0435 NX-OS.\n\n\u0421\u0442\u043e\u0438\u0442 \u043e\u0442\u043c\u0435\u0442\u0438\u0442\u044c, \u0447\u0442\u043e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043a\u043e\u043c\u0430\u043d\u0434\u044b, \u043d\u0435 \u0432\u044b\u0437\u044b\u0432\u0430\u044f \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u043d\u043e\u0433\u043e \u0436\u0443\u0440\u043d\u0430\u043b\u0430, \u0441\u043a\u0440\u044b\u0432\u0430\u044f \u043f\u0440\u0438\u0437\u043d\u0430\u043a\u0438 \u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0430\u0446\u0438\u0438 \u0432\u0437\u043b\u043e\u043c\u0430\u043d\u043d\u044b\u0445 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432 NX-OS.\n\nCisco \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442 \u043a\u043b\u0438\u0435\u043d\u0442\u0430\u043c \u0440\u0435\u0433\u0443\u043b\u044f\u0440\u043d\u043e \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0442\u044c \u0438 \u0438\u0437\u043c\u0435\u043d\u044f\u0442\u044c \u0443\u0447\u0435\u0442\u043d\u044b\u0435 \u0434\u0430\u043d\u043d\u044b\u0435 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u043e\u0432 \u0441\u0435\u0442\u0438 \u0438 vdc-admin.\n\n\u041a\u0440\u043e\u043c\u0435 \u0442\u043e\u0433\u043e, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0441\u0442\u0440\u0430\u043d\u0438\u0446\u0443\u00a0Cisco Software Checker, \u0447\u0442\u043e\u0431\u044b \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0438\u0442\u044c, \u043f\u043e\u0434\u0432\u0435\u0440\u0436\u0435\u043d\u044b \u043b\u0438 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430 \u0432 \u0438\u0445 \u0441\u0435\u0442\u0438 \u0430\u0442\u0430\u043a\u0430\u043c, \u043d\u0430\u0446\u0435\u043b\u0435\u043d\u043d\u044b\u043c \u043d\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2024-20399.", "creation_timestamp": "2024-07-02T13:15:36.000000Z"}, {"uuid": "2d394646-fe6c-415a-babc-0ec3c1c0e541", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-20399", "type": "exploited", "source": "https://t.me/CyberSecurity026/5115", "content": "\u062a\u0636\u064a\u0641 CISA \u062e\u0637\u0623 \u062d\u0642\u0646 \u0623\u0648\u0627\u0645\u0631 CISCO NX-OS \u0625\u0644\u0649 \u0643\u062a\u0627\u0644\u0648\u062c \u0627\u0644\u062b\u063a\u0631\u0627\u062a \u0627\u0644\u0623\u0645\u0646\u064a\u0629 \u0627\u0644\u0645\u0639\u0631\u0648\u0641\u0629\n\n\u0623\u0636\u0627\u0641\u062a \u0648\u0643\u0627\u0644\u0629 \u0627\u0644\u0623\u0645\u0646 \u0627\u0644\u0633\u064a\u0628\u0631\u0627\u0646\u064a \u0648\u0623\u0645\u0646 \u0627\u0644\u0628\u0646\u064a\u0629 \u0627\u0644\u062a\u062d\u062a\u064a\u0629 (CISA) \u0627\u0644\u0623\u0645\u0631\u064a\u0643\u064a\u0629 \u062b\u063a\u0631\u0629 \u0623\u0645\u0646\u064a\u0629 \u0644\u062d\u0642\u0646 \u0623\u0648\u0627\u0645\u0631 Cisco NX-OS\u060c \u0648\u0627\u0644\u062a\u064a \u064a\u062a\u0645 \u062a\u062a\u0628\u0639\u0647\u0627 \u0628\u0627\u0633\u0645 CVE-2024-20399\u060c \u0625\u0644\u0649 \u0643\u062a\u0627\u0644\u0648\u062c \u0627\u0644\u062b\u063a\u0631\u0627\u062a \u0627\u0644\u0623\u0645\u0646\u064a\u0629 \u0627\u0644\u0645\u0633\u062a\u063a\u0644\u0629 \u0627\u0644\u0645\u0639\u0631\u0648\u0641\u0629 (KEV).\n\n\u0647\u0630\u0627 \u0627\u0644\u0623\u0633\u0628\u0648\u0639\u060c \u0639\u0627\u0644\u062c\u062a \u0634\u0631\u0643\u0629 Cisco \u062b\u063a\u0631\u0629 \u064a\u0648\u0645 \u0627\u0644\u0635\u0641\u0631 \u0644\u0646\u0638\u0627\u0645 \u0627\u0644\u062a\u0634\u063a\u064a\u0644 NX-OS\u060c \u0648\u0627\u0644\u062a\u064a \u062a\u0645 \u062a\u062a\u0628\u0639\u0647\u0627 \u0628\u0627\u0633\u0645 CVE-2024-20399 (\u062f\u0631\u062c\u0629 CVSS 6.0)\u060c \u0648\u0627\u0644\u062a\u064a \u0627\u0633\u062a\u063a\u0644\u062a\u0647\u0627 \u0645\u062c\u0645\u0648\u0639\u0629 Velvet Ant \u0627\u0644\u0645\u0631\u062a\u0628\u0637\u0629 \u0628\u0627\u0644\u0635\u064a\u0646 \u0644\u0646\u0634\u0631 \u0628\u0631\u0627\u0645\u062c \u0636\u0627\u0631\u0629 \u063a\u064a\u0631 \u0645\u0639\u0631\u0648\u0641\u0629 \u0633\u0627\u0628\u0642\u064b\u0627 \u0643\u062c\u0630\u0631 \u0639\u0644\u0649 \u0627\u0644\u0645\u062d\u0648\u0644\u0627\u062a \u0627\u0644\u0636\u0639\u064a\u0641\u0629.\n\n#\u0643\u0634\u0641_\u0627\u0644\u062b\u063a\u0631\u0627\u062a_\u0627\u0644\u0627\u0645\u0646\u064a\u0629 \n#\u0642\u0646\u0627\u0629_\u0627\u0644\u0627\u0645\u0646_\u0627\u0644\u0633\u064a\u0628\u0631\u0627\u0646\u064a \n\n\ud83d\udcdd \u0627\u0641\u062a\u062d \u0627\u0644\u0631\u0627\u0628\u0637 \u0627\u0644\u062a\u0627\u0644\u064a \u0644\u0644\u0645\u062a\u0627\u0628\u0639\u0629\nhttps://tinyurl.com/4t3h2r46", "creation_timestamp": "2024-07-10T11:04:19.000000Z"}, {"uuid": "783db106-0fea-48d1-9f25-127346859760", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-20397", "type": "seen", "source": "https://t.me/true_secator/6517", "content": "\u041f\u0440\u043e\u0434\u043e\u043b\u0436\u0430\u0435\u043c \u0441\u043b\u0435\u0434\u0438\u0442\u044c \u0437\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0438\u043c\u0438 \u043d\u043e\u0432\u043e\u0441\u0442\u044f\u043c\u0438 \u0438\u0437 \u043c\u0438\u0440\u0430 CVE. \u041f\u043e\u0434 \u043a\u043e\u043d\u0435\u0446 \u043d\u0435\u0434\u0435\u043b\u0438 \u0441\u0438\u0442\u0443\u0430\u0446\u0438\u044f \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0430\u044f:\n\n1. \u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 watchTowr \u0441\u043e\u043e\u0431\u0449\u0430\u044e\u0442\u00a0\u043e\u0431 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u0438 0-day, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u043e\u0439 \u0441 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u043c \u0447\u0442\u0435\u043d\u0438\u0435\u043c \u0444\u0430\u0439\u043b\u043e\u0432 \u043d\u0430 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0435 VoIP Mitel MiCollab, \u043e \u043a\u043e\u0442\u043e\u0440\u043e\u0439 \u043f\u043e\u0441\u0442\u0430\u0432\u0449\u0438\u043a\u0430 \u0443\u0432\u0435\u0434\u043e\u043c\u0438\u043b\u0438 \u0435\u0449\u0435 \u0432 \u0430\u0432\u0433\u0443\u0441\u0442\u0435.\n\n\u041d\u0430 \u0434\u0430\u043d\u043d\u044b\u0439 \u043c\u043e\u043c\u0435\u043d\u0442 CVE \u043d\u0435 \u043f\u0440\u0438\u0441\u0432\u043e\u0435\u043d\u0430 \u0438 \u043d\u0435 \u0432\u044b\u043f\u0443\u0449\u0435\u043d\u043e \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435.\n\n\u041e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u0442\u044c \u043d\u043e\u043b\u044c \u0443\u0434\u0430\u043b\u043e\u0441\u044c, \u044d\u043a\u0441\u043f\u0435\u0440\u0438\u043c\u0435\u043d\u0442\u0438\u0440\u0443\u044f \u0441 \u043c\u0435\u0442\u043e\u0434\u0430\u043c\u0438 \u043e\u0431\u0445\u043e\u0434\u0430 \u043f\u0443\u0442\u0438 \u0438 \u043c\u0430\u043d\u0438\u043f\u0443\u043b\u044f\u0446\u0438\u0438 \u0432\u0432\u043e\u0434\u043e\u043c.\n\n\u0412 \u0447\u0430\u0441\u0442\u043d\u043e\u0441\u0442\u0438, \u0432 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u0435 \u0438\u0437\u0443\u0447\u0435\u043d\u0438\u044f CVE-2024-35286, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u043e\u0439 \u0441 SQL-\u0438\u043d\u044a\u0435\u043a\u0446\u0438\u0435\u0439 \u0438 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u043e\u0439 23 \u043c\u0430\u044f, \u0430 \u0442\u0430\u043a\u0436\u0435 CVE-2024-41713, \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u043e\u0439 \u043e\u0431\u0445\u043e\u0434\u0430 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438, \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u043d\u043e\u0439 9 \u043e\u043a\u0442\u044f\u0431\u0440\u044f.\n\n\u0412\u044b\u0436\u0434\u0430\u0432 \u0431\u043e\u043b\u0435\u0435 \u0447\u0435\u043c \u0447\u0435\u0440\u0435\u0437 100 \u0434\u043d\u0435\u0439 \u043f\u043e\u0441\u043b\u0435 \u0443\u0432\u0435\u0434\u043e\u043c\u043b\u0435\u043d\u0438\u044f Mitel, watchTowr \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043b\u0438 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0441\u0442\u0438 \u0438 PoC \u0434\u043b\u044f \u043d\u043e\u0432\u043e\u0439 0-day, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0441\u0432\u044f\u0437\u044b\u0432\u0430\u0435\u0442 \u043e\u0448\u0438\u0431\u043a\u0443 \u0441 CVE-2024-41713.\n\n\u0422\u0430\u043a \u0447\u0442\u043e \u0432\u043b\u0430\u0434\u0435\u043b\u044c\u0446\u0430\u043c \u0431\u043e\u043b\u0435\u0435 16\u00a0000 \u044d\u043a\u0437\u0435\u043c\u043f\u043b\u044f\u0440\u043e\u0432 MiCollab, \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u0445 \u0432 \u0441\u0435\u0442\u0438, \u0441\u043b\u0435\u0434\u0443\u0435\u0442 \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c\u0441\u044f \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 MiCollab 9.8 SP2 (9.8.2.12), \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0443\u0441\u0442\u0440\u0430\u043d\u044f\u0435\u0442 CVE-2024-41713, \u0441\u043c\u044f\u0433\u0447\u0430\u044f \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u043e\u0435 \u0447\u0442\u0435\u043d\u0438\u0435 \u0444\u0430\u0439\u043b\u043e\u0432.\u00a0\n\n2. \u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 Rapid7 \u0432\u044b\u044f\u0432\u0438\u043b\u0438 \u0438 \u043e\u043a\u0430\u0437\u0430\u043b\u0438 \u043f\u043e\u0441\u0438\u043b\u044c\u043d\u0443\u044e \u043f\u043e\u043c\u043e\u0449\u044c \u0432 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438 \u043f\u044f\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432 \u043a\u0430\u043c\u0435\u0440\u0430\u0445 \u0432\u0438\u0434\u0435\u043e\u043d\u0430\u0431\u043b\u044e\u0434\u0435\u043d\u0438\u044f Lorex\u00a02K Wi-Fi.\n\n\u0423\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u043e \u0431\u044b\u043b\u043e \u0437\u0430\u044f\u0432\u043b\u0435\u043d\u043e \u0432 \u043a\u0430\u0447\u0435\u0441\u0442\u0432\u0435 \u043e\u0434\u043d\u043e\u0439 \u0438\u0437 \u0446\u0435\u043b\u0435\u0439 \u043d\u0430 \u0445\u0430\u043a\u0435\u0440\u0441\u043a\u043e\u043c \u043a\u043e\u043d\u043a\u0443\u0440\u0441\u0435 Pwn2Own IoT 2024 \u0433\u043e\u0434\u0430, \u0432 \u0440\u0430\u043c\u043a\u0430\u0445 \u043a\u043e\u0442\u043e\u0440\u043e\u0433\u043e Rapid7 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0430\u043b\u0430 \u0438 \u043f\u0440\u043e\u0434\u0435\u043c\u043e\u043d\u0441\u0442\u0440\u0438\u0440\u043e\u0432\u0430\u043b\u0430 \u0446\u0435\u043f\u043e\u0447\u043a\u0443 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u043e\u0432, \u043d\u0430\u0446\u0435\u043b\u0435\u043d\u043d\u044b\u0445 \u043d\u0430 \u043f\u044f\u0442\u044c \u043e\u0442\u0434\u0435\u043b\u044c\u043d\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0440\u0430\u0431\u043e\u0442\u0430\u044e\u0442 \u0432 \u0434\u0432\u0430 \u044d\u0442\u0430\u043f\u0430, \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0438\u0432\u0430\u044f RCE \u0431\u0435\u0437 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438.\n\n3. Cisco \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0434\u043b\u044f NX-OS, \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u044f\u044e\u0449\u0435\u0435 \u043e\u0431\u0445\u043e\u0434 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u043e\u0431\u0440\u0430\u0437\u0430 \u043f\u0440\u043e\u0448\u0438\u0432\u043a\u0438, \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043d\u044b\u0439 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c\u0438 Google Cloud.\n\n\u041e\u043f\u0430\u0441\u043d\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u043e\u0431\u043e\u0437\u043d\u0430\u0447\u0435\u043d\u043d\u0430\u044f \u043a\u0430\u043a CVE-2024-20397, \u043e\u0431\u0443\u0441\u043b\u043e\u0432\u043b\u0435\u043d\u0430 \u043d\u0435\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u044b\u043c\u0438 \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0430\u043c\u0438 \u0437\u0430\u0433\u0440\u0443\u0437\u0447\u0438\u043a\u0430, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u043d\u044b\u0435 \u043a\u043e\u043c\u0430\u043d\u0434\u044b \u0434\u043b\u044f \u043e\u0431\u0445\u043e\u0434\u0430 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u0430 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0438 \u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0438 \u043d\u0435\u043f\u0440\u043e\u0432\u0435\u0440\u0435\u043d\u043d\u043e\u0433\u043e \u041f\u041e.\n\n\u0414\u043b\u044f \u0443\u0441\u043f\u0435\u0448\u043d\u043e\u0439 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043d\u0435 \u0442\u0440\u0435\u0431\u0443\u0435\u0442\u0441\u044f \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u044f, \u043d\u043e \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c \u0444\u0438\u0437\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0434\u043e\u0441\u0442\u0443\u043f.\n\n\u041e\u0448\u0438\u0431\u043a\u0430 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u0431\u043e\u043b\u0435\u0435 100 \u043c\u043e\u0434\u0435\u043b\u0435\u0439 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432, \u0432\u043a\u043b\u044e\u0447\u0430\u044f \u043a\u043e\u043c\u043c\u0443\u0442\u0430\u0442\u043e\u0440\u044b \u0441\u0435\u0440\u0438\u0438 MDS 9000, Nexus 3000 \u0438 7000, Nexus 9000 \u0432 \u0440\u0435\u0436\u0438\u043c\u0435 ACI, Nexus 9000 \u0432 \u0430\u0432\u0442\u043e\u043d\u043e\u043c\u043d\u043e\u043c \u0440\u0435\u0436\u0438\u043c\u0435 NX-OS, UCS 6400 \u0438 6500.\n\n4. \u0417\u0430\u0445\u0430\u0440 \u0424\u0435\u0434\u043e\u0442\u043a\u0438\u043d \u0438\u0437 PortSwigger \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043b \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u0435 \u043e \u0442\u043e\u043c, \u043a\u0430\u043a \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043c\u043e\u0433\u0443\u0442 \u043e\u0431\u0445\u043e\u0434\u0438\u0442\u044c WAF \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0430\u0442\u0440\u0438\u0431\u0443\u0442\u0430 $Version \u0432 \u0437\u0430\u0433\u043e\u043b\u043e\u0432\u043e\u0447\u043d\u044b\u0445 \u0444\u0430\u0439\u043b\u0430\u0445 cookie.\n\n5. \u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 JFrog \u0432\u044b\u044f\u0432\u0438\u043b\u0438 \u043c\u043d\u043e\u0433\u043e\u0447\u0438\u0441\u043b\u0435\u043d\u043d\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u0432\u043b\u0438\u044f\u044e\u0449\u0438\u0435 \u043d\u0430 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u044b \u0438 \u0444\u0440\u0435\u0439\u043c\u0432\u043e\u0440\u043a\u0438 \u043c\u0430\u0448\u0438\u043d\u043d\u043e\u0433\u043e \u043e\u0431\u0443\u0447\u0435\u043d\u0438\u044f (\u041c\u041e) \u0441 \u043e\u0442\u043a\u0440\u044b\u0442\u044b\u043c \u0438\u0441\u0445\u043e\u0434\u043d\u044b\u043c \u043a\u043e\u0434\u043e\u043c, \u0442\u0430\u043a\u0438\u0435 \u043a\u0430\u043a MLflow, H2O, PyTorch \u0438 MLeap, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043c\u043e\u0433\u0443\u0442 \u043e\u0442\u043a\u0440\u044b\u0442\u044c \u043f\u0443\u0442\u044c \u0434\u043b\u044f RCE.\n\n\u0412 \u0434\u043e\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u043a \u043d\u0430\u0431\u043e\u0440\u0443 \u0440\u0430\u043d\u0435\u0435 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043d\u044b\u0445 \u043f\u0440\u043e\u0431\u043b\u0435\u043c, JFrog \u043f\u0440\u0438\u0441\u043e\u0432\u043e\u043a\u0443\u043f\u0438\u043b\u0430: CVE-2024-27132\u00a0(7,2), CVE-2024-6960\u00a0(7,5), CVE-2023-5245\u00a0(7,5), \u043e\u0434\u043d\u0430 \u0431\u0435\u0437 CVE (\u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u043e\u0431\u0445\u043e\u0434\u0430 \u043f\u0443\u0442\u0438 \u0432 \u0444\u0443\u043d\u043a\u0446\u0438\u0438 TorchScript \u0432 PyTorch).", "creation_timestamp": "2024-12-06T18:30:05.000000Z"}, {"uuid": "fdd5691d-8848-44f9-8c3c-4f8c26829202", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-20399", "type": "exploited", "source": "https://t.me/theninjaway1337/1656", "content": "Cisco NX-OS Zero-Day Command Injection Flaw Under Active Attack\n\nA critical vulnerability in the Command Line Interface (CLI) of\u00a0Cisco NX-OS\u00a0Software is currently under active exploitation, allowing attackers to execute arbitrary commands as root on affected devices.\n\nThis zero-day flaw, identified as CVE-2024-20399, poses a significant threat to network security, particularly for organizations utilizing Cisco\u2019s Nexus and MDS series switches.\n\nThe vulnerability arises from insufficient validation of arguments passed to specific configuration CLI commands.\n\nhttps://cybersecuritynews.com/cisco-nx-os-zero-day-flaw", "creation_timestamp": "2024-07-07T16:55:36.000000Z"}, {"uuid": "bd93619d-def1-46ff-b707-9aa2e04acd45", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-20399", "type": "exploited", "source": "https://t.me/xakep_ru/16046", "content": "Cisco \u043f\u0430\u0442\u0447\u0438\u0442 0-day \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 NX-OS, \u043a\u043e\u0442\u043e\u0440\u0443\u044e \u0443\u0436\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0438 \u043a\u0438\u0442\u0430\u0439\u0441\u043a\u0438\u0435 \u0445\u0430\u043a\u0435\u0440\u044b\n\n\u041a\u043e\u043c\u043f\u0430\u043d\u0438\u044f Cisco \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u044f\u0435\u0442 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043d\u0443\u043b\u0435\u0432\u043e\u0433\u043e \u0434\u043d\u044f \u0432 NX-OS, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0443\u044e \u0441 \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u0435\u043c \u043a\u043e\u043c\u0430\u043d\u0434. \u0415\u0449\u0435 \u0432 \u0430\u043f\u0440\u0435\u043b\u0435 \u044d\u0442\u043e\u0442 \u0431\u0430\u0433 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u043e\u0432\u0430\u043b\u0430 \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u041a\u0438\u0442\u0430\u0435\u043c \u043a\u0438\u0431\u0435\u0440\u0448\u043f\u0438\u043e\u043d\u0441\u043a\u0430\u044f \u0445\u0430\u043a-\u0433\u0440\u0443\u043f\u043f\u0430 Velvet Ant, \u0443\u0441\u0442\u0430\u043d\u0430\u0432\u043b\u0438\u0432\u0430\u044f \u043d\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0435 \u043a\u043e\u043c\u043c\u0443\u0442\u0430\u0442\u043e\u0440\u044b \u043c\u0430\u043b\u0432\u0430\u0440\u044c \u0441 \u043f\u0440\u0430\u0432\u0430\u043c\u0438 root.\n\nhttps://xakep.ru/2024/07/02/cve-2024-20399/", "creation_timestamp": "2024-07-02T19:18:29.000000Z"}, {"uuid": "7766aa90-6907-460d-ac02-281fb3e69561", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-20399", "type": "exploited", "source": "https://t.me/thehackernews/5460", "content": "A China-linked threat group, Velvet Ant, has exploited a vulnerability (CVE-2024-20399) in Cisco switches as zero-day to gain control and evade detection. \n \nRead: https://thehackernews.com/2024/08/chinese-hackers-exploit-zero-day-cisco.html", "creation_timestamp": "2024-08-22T18:18:30.000000Z"}, {"uuid": "7549cc9e-f293-407f-9440-b62dac8c1951", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-20399", "type": "exploited", "source": "https://t.me/InfoSecInsider/61", "content": "\u26a1\ufe0fChina-Nexus Group Velvet Ant Exploits Cisco Zero-Day (CVE-2024-20399).\n\n#CyberBulletin", "creation_timestamp": "2024-08-26T09:47:20.000000Z"}, {"uuid": "1f25478f-814b-43ce-8889-45b820adf907", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-20399", "type": "exploited", "source": "https://t.me/SecLabNews/15352", "content": "Cisco \u0443\u0441\u0442\u0440\u0430\u043d\u044f\u0435\u0442 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043d\u0443\u043b\u0435\u0432\u043e\u0433\u043e \u0434\u043d\u044f \u043f\u043e\u0441\u043b\u0435 \u0430\u0442\u0430\u043a \u043a\u0438\u0442\u0430\u0439\u0441\u043a\u0438\u0445 \u0448\u043f\u0438\u043e\u043d\u043e\u0432\n\n\u23f1 Cisco \u0438\u0441\u043f\u0440\u0430\u0432\u0438\u043b\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043d\u0443\u043b\u0435\u0432\u043e\u0433\u043e \u0434\u043d\u044f \u0432 NX-OS, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u043b\u0430 \u0443\u0441\u0442\u0430\u043d\u0430\u0432\u043b\u0438\u0432\u0430\u0442\u044c \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0435 \u041f\u041e \u0441 root-\u043f\u0440\u0430\u0432\u0430\u043c\u0438. \u0410\u0442\u0430\u043a\u0438 \u0441\u0432\u044f\u0437\u044b\u0432\u0430\u044e\u0442 \u0441 \u043a\u0438\u0442\u0430\u0439\u0441\u043a\u043e\u0439 \u0445\u0430\u043a\u0435\u0440\u0441\u043a\u043e\u0439 \u0433\u0440\u0443\u043f\u043f\u043e\u0439 Velvet Ant, \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0437\u0438\u0440\u0443\u044e\u0449\u0435\u0439\u0441\u044f \u043d\u0430 \u0434\u043e\u043b\u0433\u043e\u0441\u0440\u043e\u0447\u043d\u043e\u043c \u0448\u043f\u0438\u043e\u043d\u0430\u0436\u0435.\n\n\ud83d\udc68\u200d\ud83d\udcbb \u0417\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043f\u043e\u043b\u0443\u0447\u0438\u043b\u0438 \u0443\u0447\u0435\u0442\u043d\u044b\u0435 \u0434\u0430\u043d\u043d\u044b\u0435 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430 \u0434\u043b\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u043a\u043e\u043c\u043c\u0443\u0442\u0430\u0442\u043e\u0440\u0430\u043c Cisco Nexus. \u042d\u0442\u043e \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u043b\u043e \u0438\u043c \u0440\u0430\u0437\u0432\u0435\u0440\u043d\u0443\u0442\u044c \u043d\u0435\u0438\u0437\u0432\u0435\u0441\u0442\u043d\u043e\u0435 \u0440\u0430\u043d\u0435\u0435 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0435 \u041f\u041e \u0434\u043b\u044f \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u044f \u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0433\u043e \u043a\u043e\u0434\u0430.\n\n\ud83d\udee1 \u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2024-20399 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043a\u043e\u043c\u0430\u043d\u0434\u044b \u0441 root-\u043f\u0440\u0430\u0432\u0430\u043c\u0438 \u0431\u0435\u0437 \u0437\u0430\u043f\u0438\u0441\u0438 \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u043d\u044b\u0439 \u0436\u0443\u0440\u043d\u0430\u043b. Cisco \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442 \u043a\u043b\u0438\u0435\u043d\u0442\u0430\u043c \u0440\u0435\u0433\u0443\u043b\u044f\u0440\u043d\u043e \u043c\u0435\u043d\u044f\u0442\u044c \u0443\u0447\u0435\u0442\u043d\u044b\u0435 \u0434\u0430\u043d\u043d\u044b\u0435 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u043e\u0432 \u0438 \u043f\u0440\u043e\u0432\u0435\u0440\u044f\u0442\u044c \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430 \u043d\u0430 \u043f\u043e\u0434\u0432\u0435\u0440\u0436\u0435\u043d\u043d\u043e\u0441\u0442\u044c \u0430\u0442\u0430\u043a\u0430\u043c.\n\n#Cisco #\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c #\u043a\u0438\u0431\u0435\u0440\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u044c #\u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \n\n@ZerodayAlert", "creation_timestamp": "2024-07-02T12:08:27.000000Z"}, {"uuid": "ce7bc2a5-8563-4211-a408-d3c65046b8b3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-20399", "type": "exploited", "source": "https://t.me/CybNux/6555", "content": "\u0645\u062c\u0645\u0648\u0639\u0629 \u062a\u062c\u0633\u0633 \u0633\u064a\u0628\u0631\u0627\u0646\u064a \u0635\u064a\u0646\u064a\u0629 \u062a\u064f\u062f\u0639\u0649 \"Velvet Ant\" \u062a\u0645 \u0631\u0635\u062f\u0647\u0627 \u062a\u0633\u062a\u063a\u0644 \u062b\u063a\u0631\u0629 \u0623\u0645\u0646\u064a\u0629 \u0641\u064a \u0628\u0631\u0646\u0627\u0645\u062c Cisco NX-OS \u0627\u0644\u0645\u0633\u062a\u062e\u062f\u0645 \u0641\u064a \u0627\u0644\u0633\u0648\u064a\u062a\u0634\u0627\u062a \u0644\u062a\u062b\u0628\u064a\u062a \u0628\u0631\u0645\u062c\u064a\u0627\u062a \u062e\u0628\u064a\u062b\u0629.\n\n\ud83d\udd12 \u0627\u0644\u062b\u063a\u0631\u0629 CVE-2024-20399:\n\n\u062f\u0631\u062c\u0629 \u0627\u0644\u062e\u0637\u0648\u0631\u0629: 6.0\n\u062a\u0633\u0645\u062d \u0628\u062a\u0646\u0641\u064a\u0630 \u0623\u0648\u0627\u0645\u0631 \u0643\u0640 root \u0639\u0644\u0649 \u0627\u0644\u062c\u0647\u0627\u0632 \u0627\u0644\u0645\u062a\u0623\u062b\u0631.\n\u062a\u062a\u0637\u0644\u0628 \u0648\u0635\u0648\u0644 \u0627\u0644\u0645\u0647\u0627\u062c\u0645 \u0625\u0644\u0649 \u0628\u064a\u0627\u0646\u0627\u062a \u0627\u0639\u062a\u0645\u0627\u062f \u0627\u0644\u0645\u0633\u0624\u0648\u0644.\n\ud83d\udee1 \u0627\u0644\u0623\u062c\u0647\u0632\u0629 \u0627\u0644\u0645\u062a\u0623\u062b\u0631\u0629:\n\nNexus 3000, 5500, 5600, 6000, 7000, 9000.\nMDS 9000 Series.\n\ud83d\udca1 \u0645\u062c\u0645\u0648\u0639\u0629 \"Velvet Ant\":\n\n\u0627\u0633\u062a\u063a\u0644\u062a \u0627\u0644\u062b\u063a\u0631\u0629 \u0644\u062a\u0646\u0641\u064a\u0630 \u0628\u0631\u0645\u062c\u064a\u0627\u062a \u062e\u0628\u064a\u062b\u0629.\n\u062a\u0645\u0643\u0646\u062a \u0645\u0646 \u0627\u0644\u0627\u062a\u0635\u0627\u0644 \u0639\u0646 \u0628\u064f\u0639\u062f \u0628\u0627\u0644\u0623\u062c\u0647\u0632\u0629 \u0627\u0644\u0645\u062e\u062a\u0631\u0642\u0629 \u0648\u0631\u0641\u0639 \u0645\u0644\u0641\u0627\u062a \u0625\u0636\u0627\u0641\u064a\u0629.\n\n\n\u0645\u0631\u0627\u0642\u0628\u0629 \u0627\u062c\u0647\u0632\u0629 \u0627\u0644\u0634\u0628\u0643\u0629  \u0628\u0634\u0643\u0644 \u0623\u0641\u0636\u0644 \u0642\u062f \u062a\u0645\u0646\u0639 \u0647\u0630\u0647 \u0627\u0644\u0647\u062c\u0645\u0627\u062a.", "creation_timestamp": "2024-07-19T03:42:37.000000Z"}]}