{"vulnerability": "CVE-2024-2880", "sightings": [{"uuid": "68e9e554-bc56-4699-8563-cf9e71159daa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-28809", "type": "seen", "source": "https://t.me/true_secator/6267", "content": "\u0412 \u043c\u043d\u043e\u0433\u043e\u0446\u0435\u043b\u0435\u0432\u043e\u0439 \u043e\u043f\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u0442\u0440\u0430\u043d\u0441\u043f\u043e\u0440\u0442\u043d\u043e\u0439 SDN-\u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0435 \u0441\u0435\u0440\u0438\u0438 hiT 7300 5.60.50 \u043e\u0442 Infinera \u0434\u043b\u044f \u043a\u0440\u0443\u043f\u043d\u0435\u0439\u0448\u0438\u0445 \u0441\u0435\u0442\u0435\u0439 \u0434\u0430\u043b\u044c\u043d\u0435\u0439 \u0441\u0432\u044f\u0437\u0438 \u0431\u044b\u043b \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d \u0432\u0441\u0442\u0440\u043e\u0435\u043d\u043d\u044b\u0439 \u0431\u044d\u043a\u0434\u043e\u0440 (CVE-2024-28812 \u0438 CVE-2024-28813 \u0441 CVSS 8,8 \u0438 8,4 \u0441\u043e\u043e\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0435\u043d\u043d\u043e).\n\n\u0423\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u043e \u043e\u0441\u043d\u0430\u0449\u0435\u043d\u043e \u0434\u0432\u0443\u043c\u044f \u0441\u0435\u0442\u0435\u0432\u044b\u043c\u0438 \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0430\u043c\u0438.\n\n\u0418\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441 \u0441 \u0438\u043c\u0435\u043d\u0435\u043c\u00a0Q \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f \u0434\u043b\u044f \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u044f DCN, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u043e\u0439 \u0434\u043b\u044f \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430\u043c\u0438 \u0438\u0437 \u0441\u0438\u0441\u0442\u0435\u043c \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f.\n\n\u0418\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441 \u0441 \u0438\u043c\u0435\u043d\u0435\u043c\u00a0QF \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f \u0442\u043e\u043b\u044c\u043a\u043e \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u043e \u043d\u0430 \u044d\u0442\u0430\u043f\u0430\u0445 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0438 \u0434\u043b\u044f \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0438 \u043d\u0430\u0447\u0430\u043b\u044c\u043d\u044b\u0445 \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u043e\u0432.\n\n\u041e\u0431\u0430 \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0430 \u043d\u0435 \u0438\u043c\u0435\u044e\u0442 \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0433\u043e \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043f\u043e SSH.\n\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e, \u0441\u043e\u0434\u0435\u0440\u0436\u0430\u0449\u0443\u044e\u0441\u044f \u0432 \u0434\u0438\u0430\u0433\u043d\u043e\u0441\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0445 \u0444\u0430\u0439\u043b\u0430\u0445 (CVE-2024-28812) \u0438 \u0443\u0447\u0435\u0442\u043d\u044b\u0435 \u0434\u0430\u043d\u043d\u044b\u0435 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0432\u0438\u0434\u0435, \u043d\u0430\u0439\u0434\u0435\u043d\u043d\u044b\u0435 \u0432 \u0444\u0430\u0439\u043b\u0430\u0445 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0432\u0441\u0442\u0440\u043e\u0435\u043d\u043d\u043e\u0433\u043e \u041f\u041e (CVE-2024-28809), \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a, \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0435\u043d\u043d\u044b\u0439 \u043a \u0441\u0435\u0442\u0435\u0432\u043e\u043c\u0443 \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0443\u00a0QF, \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u041e\u0421 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430 \u0447\u0435\u0440\u0435\u0437 \u0441\u043e\u0435\u0434\u0438\u043d\u0435\u043d\u0438\u0435 \u0441\u043e \u0441\u043b\u0443\u0436\u0431\u043e\u0439 SSH, \u0440\u0430\u0431\u043e\u0442\u0430\u044e\u0449\u0435\u0439 \u043d\u0430 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u043c \u043f\u043e\u0440\u0442\u0443, \u0435\u0441\u043b\u0438 \u043d\u0430 \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0435\u043c \u043a\u043e\u043c\u043f\u044c\u044e\u0442\u0435\u0440\u0435 \u043d\u0430\u0441\u0442\u0440\u043e\u0435\u043d \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u043d\u044b\u0439 IP-\u0430\u0434\u0440\u0435\u0441. \n\n\u0414\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u0435 \u0443\u0447\u0435\u0442\u043d\u044b\u0435 \u0434\u0430\u043d\u043d\u044b\u0435 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0442 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u0441 \u043c\u0430\u043a\u0441\u0438\u043c\u0430\u043b\u044c\u043d\u043e \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u043c\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u044f\u043c\u0438.\n\n\u041a\u0440\u043e\u043c\u0435 \u0442\u043e\u0433\u043e, \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0435 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f @CT \u0441\u043e\u0434\u0435\u0440\u0436\u0438\u0442 \u043d\u0435\u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0441\u043a\u0440\u044b\u0442\u044b\u0439 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u0441\u043a\u0438\u0439 \u0440\u0435\u0436\u0438\u043c (CVE-2024-28813), \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0440\u0435\u0430\u043b\u0438\u0437\u0443\u0435\u0442 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u044b\u0439 SSH-\u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441 \u043d\u0430\u00a0Q\u00a0\u0447\u0435\u0440\u0435\u0437 \u043d\u0435\u0441\u0442\u0430\u043d\u0434\u0430\u0440\u0442\u043d\u044b\u0439 \u043f\u043e\u0440\u0442 \u0438 \u0441 \u043d\u0435\u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u043c\u0438 \u0443\u0447\u0435\u0442\u043d\u044b\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u043c\u0438 \u0441 \u0432\u044b\u0441\u043e\u043a\u0438\u043c \u0443\u0440\u043e\u0432\u043d\u0435\u043c \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439.\n\n\u041d\u043e \u0432 \u0430\u043c\u0435\u0440\u0438\u043a\u0430\u043d\u0441\u043a\u043e\u0439 \u043f\u0440\u0435\u0441\u0441\u0435 \u0432\u0440\u044f\u0434 \u043b\u0438 \u043e\u0431 \u044d\u0442\u043e\u043c \u043d\u0430\u043f\u0438\u0448\u0443\u0442.\n\n\u041d\u0430 \u043f\u0435\u0440\u0432\u044b\u0445 \u043f\u043e\u043b\u043e\u0441\u0430\u0445 \u043f\u0440\u043e\u0434\u043e\u043b\u0436\u0430\u044e\u0442 \u0438\u0441\u043a\u0430\u0442\u044c \u0441\u043b\u0435\u0434\u044b \u0448\u043f\u0438\u043e\u043d\u0430\u0436\u0430 \u043a\u0438\u0442\u0430\u0439\u0441\u043a\u0438\u0445 APT \u0432 \u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0435 \u043c\u0435\u0441\u0442\u043d\u044b\u0445 \u043e\u043f\u0435\u0440\u0430\u0442\u043e\u0440\u043e\u0432, \u043a\u0430\u043a \u0432 \u0441\u043b\u0443\u0447\u0430\u0435 \u0441 \u043d\u0435\u0434\u0430\u0432\u043d\u0435\u0439 Salt Typhoon (aka \u00a0FamousSparrow\u00a0\u0438 GhostEmperor).", "creation_timestamp": "2024-10-01T16:38:54.000000Z"}, {"uuid": "d69e6af5-7737-4e00-a54e-866b4fe20fb5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-28803", "type": "seen", "source": "https://t.me/cvedetector/20228", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-28803 - Italtel i-MCS NFV XSS\", \n  \"Content\": \"CVE ID : CVE-2024-28803 \nPublished : March 13, 2025, 2:15 p.m. | 1\u00a0hour, 42\u00a0minutes ago \nDescription : Cross-site scripting (XSS) vulnerability in Italtel S.p.A. i-MCS NFV v.12.1.0-20211215 allows unauthenticated remote attackers to inject arbitrary web script or HTML into HTTP/POST parameter \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"13 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-13T17:17:36.000000Z"}, {"uuid": "e91fe015-2a10-49e1-a532-0be108a6a149", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-28807", "type": "seen", "source": "https://t.me/cvedetector/6684", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-28807 - Infinera hiT 7300 Information Disclosure Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-28807 \nPublished : Sept. 30, 2024, 9:15 p.m. | 35\u00a0minutes ago \nDescription : An issue was discovered in Infinera hiT 7300 5.60.50. Cleartext storage of sensitive information in the memory of the @CT desktop management application allows guest OS administrators to obtain various users' passwords by accessing memory dumps of the desktop application. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"30 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-01T00:11:22.000000Z"}, {"uuid": "77d80883-4b4d-41e2-b0b0-97b1b3bf7c7f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-2880", "type": "seen", "source": "https://t.me/cvedetector/645", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-2880 - An issue was discovered in GitLab CE/EE affecting\", \n  \"Content\": \"CVE ID : CVE-2024-2880 \nPublished : July 11, 2024, 7:15 a.m. | 38\u00a0minutes ago \nDescription : An issue was discovered in GitLab CE/EE affecting all versions starting from 16.5 prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2 in which a user with `admin_group_member` custom role permission could ban group members. \nSeverity: 2.7 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-11T09:57:29.000000Z"}, {"uuid": "c348e1d9-5ea4-4a04-a316-21e7f3c32393", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-28808", "type": "seen", "source": "https://t.me/cvedetector/6685", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-28808 - Infinera hiT 7300 Authenticated Remote Information Disclosure\", \n  \"Content\": \"CVE ID : CVE-2024-28808 \nPublished : Sept. 30, 2024, 9:15 p.m. | 35\u00a0minutes ago \nDescription : An issue was discovered in Infinera hiT 7300 5.60.50. Hidden functionality in the web interface allows a remote authenticated attacker to access reserved information by accessing undocumented web applications. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"30 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-01T00:11:23.000000Z"}, {"uuid": "66abb0d9-ee03-4417-9691-7f8d7549c0e0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-28809", "type": "seen", "source": "https://t.me/cvedetector/6675", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-28809 - Infinera hiT 7300 Password Storage Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-28809 \nPublished : Sept. 30, 2024, 6:15 p.m. | 31\u00a0minutes ago \nDescription : An issue was discovered in Infinera hiT 7300 5.60.50. Cleartext storage of sensitive password in firmware update packages allows attackers to access various appliance services via hardcoded credentials. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"30 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-30T20:50:28.000000Z"}, {"uuid": "65453d7f-7dae-45bd-b839-c3378c5c566f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-28805", "type": "seen", "source": "https://t.me/cvedetector/1918", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-28805 - Italtel i-MCS NFV Authentication Bypass Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-28805 \nPublished : July 29, 2024, 7:15 p.m. | 38\u00a0minutes ago \nDescription : An issue was discovered in Italtel i-MCS NFV 12.1.0-20211215. There is Incorrect Access Control. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"29 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-29T22:09:46.000000Z"}, {"uuid": "bea4de60-6720-463a-b0a9-233641bd59a3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-28804", "type": "seen", "source": "https://t.me/cvedetector/1917", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-28804 - Italtel i-MCS NFV Stored Cross-site Scripting (XSS)\", \n  \"Content\": \"CVE ID : CVE-2024-28804 \nPublished : July 29, 2024, 7:15 p.m. | 38\u00a0minutes ago \nDescription : An issue was discovered in Italtel i-MCS NFV 12.1.0-20211215. Stored Cross-site scripting (XSS) can occur via POST. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"29 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-29T22:09:45.000000Z"}, {"uuid": "f38c9af5-b7bb-49e7-b880-d266688bb311", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-28806", "type": "seen", "source": "https://t.me/cvedetector/1916", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-28806 - Italtel i-MCS NFV File Upload Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-28806 \nPublished : July 29, 2024, 7:15 p.m. | 38\u00a0minutes ago \nDescription : An issue was discovered in Italtel i-MCS NFV 12.1.0-20211215. Remote unauthenticated attackers can upload files at an arbitrary path. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"29 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-29T22:09:44.000000Z"}]}