{"vulnerability": "CVE-2024-3528", "sightings": [{"uuid": "251d69f2-60d8-47e9-aa12-8dbc377d814a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-35286", "type": "seen", "source": "https://infosec.exchange/users/screaminggoat/statuses/113601180906534562", "content": "", "creation_timestamp": "2024-12-05T16:34:17.549375Z"}, {"uuid": "93948266-0437-48c9-b6bf-39146e985b7a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-35286", "type": "seen", "source": "https://infosec.exchange/users/screaminggoat/statuses/113601179950935485", "content": "", "creation_timestamp": "2024-12-05T16:34:02.970260Z"}, {"uuid": "df7a5f7e-2d83-470c-981c-9f6e9e0f79db", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-35280", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113831854411716828", "content": "", "creation_timestamp": "2025-01-15T10:17:37.535248Z"}, {"uuid": "f02bd2ec-37fd-4166-acf1-6c5956d704f9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-35280", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfrn7t3xli2h", "content": "", "creation_timestamp": "2025-01-15T11:15:30.325500Z"}, {"uuid": "b701eaa2-c3c6-4e7d-96a1-26304ea6469c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-35280", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lfrojaxt272k", "content": "", "creation_timestamp": "2025-01-15T11:38:42.903204Z"}, {"uuid": "f3b78a2e-e70a-40f3-8e61-6b47e324ef33", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-35286", "type": "seen", "source": "https://bsky.app/profile/opsmatters.bsky.social/post/3lftevhrgdu24", "content": "", "creation_timestamp": "2025-01-16T03:51:52.430495Z"}, {"uuid": "fd2ebf48-cf3e-46c2-877b-95725eb943b1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-35286", "type": "seen", "source": "https://bsky.app/profile/opsmatters.bsky.social/post/3lgwas5pwtq2r", "content": "", "creation_timestamp": "2025-01-30T00:41:36.995157Z"}, {"uuid": "ecc08954-ba40-435c-9770-5bab5b8a8f86", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-35281", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lp2rvjquu3z2", "content": "", "creation_timestamp": "2025-05-13T15:38:07.591109Z"}, {"uuid": "2a4b462f-6a68-4dba-abdb-5e97eabda164", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-35286", "type": "seen", "source": "MISP/acd0294c-4561-4286-a04e-5c02a1c67b1f", "content": "", "creation_timestamp": "2025-09-15T13:28:32.000000Z"}, {"uuid": "46a178a9-5413-4a9f-b8e8-b432f97648c6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-35286", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2024/CVE-2024-35286.yaml", "content": "", "creation_timestamp": "2025-10-12T09:12:01.000000Z"}, {"uuid": "69cafb2d-8ba5-42ea-b7de-a8cdbbd42226", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-35288", "type": "seen", "source": "https://bsky.app/profile/ferramentaslinux.bsky.social/post/3m5tvlpvf7s2r", "content": "", "creation_timestamp": "2025-11-17T18:55:24.790602Z"}, {"uuid": "f7492de3-dc72-4ac7-bd11-f92b228838de", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-35286", "type": "seen", "source": "MISP/acd0294c-4561-4286-a04e-5c02a1c67b1f", "content": "", "creation_timestamp": "2025-09-16T03:45:03.000000Z"}, {"uuid": "2fb97074-99b7-4a75-afcd-e35dc504263c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-35286", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3m344f7uael27", "content": "", "creation_timestamp": "2025-10-13T21:02:41.982782Z"}, {"uuid": "2da9dc4e-cfe9-464c-88c7-bdcc5cfc2b88", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "c933734a-9be8-4142-889e-26e95c752803", "vulnerability": "CVE-2024-35286", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/0968961a-91c2-4449-84eb-0c177216e719", "content": "", "creation_timestamp": "2024-12-15T15:04:48.572831Z"}, {"uuid": "cb127a45-0427-4370-b208-f57d858d88c7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-35286", "type": "published-proof-of-concept", "source": "https://t.me/itsec_news/4912", "content": "\u200b\u26a1\ufe0f0Day \u0432 MiCollab: \u0442\u044b\u0441\u044f\u0447\u0438 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0439 \u0440\u0438\u0441\u043a\u0443\u044e\u0442 \u0438\u0437-\u0437\u0430 \u0431\u0435\u0437\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u044f Mitel\n\n\ud83d\udcac \u041a\u043e\u043c\u043f\u0430\u043d\u0438\u044f \u043f\u043e\u0441\u0442\u0430\u0432\u0438\u043b\u0430 \u043f\u043e\u0434 \u0443\u0434\u0430\u0440 \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0435 \u0434\u0430\u043d\u043d\u044b\u0435 \u043a\u043b\u0438\u0435\u043d\u0442\u043e\u0432, \u043f\u0440\u0435\u0432\u0440\u0430\u0442\u0438\u0432\u0448\u0438\u0441\u044c \u0432 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442 \u0445\u0430\u043a\u0435\u0440\u043e\u0432.\n\n\u0421\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0441\u0442\u044b watchTowr \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043d\u0443\u043b\u0435\u0432\u043e\u0433\u043e \u0434\u043d\u044f \u043d\u0430 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0435 Mitel MiCollab, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0443\u044e \u0447\u0438\u0442\u0430\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0435 \u0444\u0430\u0439\u043b\u044b. \u0421\u043e\u0432\u043c\u0435\u0441\u0442\u043d\u043e \u0441 \u0440\u0430\u043d\u0435\u0435 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u043e\u0439 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c\u044e \u043e\u0448\u0438\u0431\u043a\u0430 \u043e\u0442\u043a\u0440\u044b\u0432\u0430\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u043c \u0434\u0430\u043d\u043d\u044b\u043c \u043d\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c\u0430\u0445. \u0414\u043b\u044f \u0434\u0435\u043c\u043e\u043d\u0441\u0442\u0440\u0430\u0446\u0438\u0438 \u0443\u0433\u0440\u043e\u0437\u044b \u0431\u044b\u043b \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d PoC-\u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442 \u043f\u043e\u0441\u043b\u0435 \u0431\u043e\u043b\u0435\u0435 \u0447\u0435\u043c 100 \u0434\u043d\u0435\u0439 \u043e\u0436\u0438\u0434\u0430\u043d\u0438\u044f \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043e\u0442 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u043e\u0432.\n\nMitel MiCollab \u2014 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442 \u043a\u043e\u0440\u043f\u043e\u0440\u0430\u0442\u0438\u0432\u043d\u043e\u0433\u043e \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u044f, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u0439 \u0434\u043b\u044f \u043e\u0431\u0449\u0435\u043d\u0438\u044f \u0441\u043e\u0442\u0440\u0443\u0434\u043d\u0438\u043a\u043e\u0432 \u0438 \u043a\u043b\u0438\u0435\u043d\u0442\u043e\u0432 \u0447\u0435\u0440\u0435\u0437 \u0433\u043e\u043b\u043e\u0441\u043e\u0432\u0443\u044e \u0441\u0432\u044f\u0437\u044c, \u0432\u0438\u0434\u0435\u043e\u043a\u043e\u043d\u0444\u0435\u0440\u0435\u043d\u0446\u0438\u0438, \u0447\u0430\u0442\u044b, \u043e\u0431\u043c\u0435\u043d \u0444\u0430\u0439\u043b\u0430\u043c\u0438 \u0438 \u0434\u0440\u0443\u0433\u0438\u0435 \u0444\u0443\u043d\u043a\u0446\u0438\u0438. \u0421\u0432\u044b\u0448\u0435 16 000 \u044d\u043a\u0437\u0435\u043c\u043f\u043b\u044f\u0440\u043e\u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u043d\u0430\u0445\u043e\u0434\u044f\u0442\u0441\u044f \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435, \u0447\u0442\u043e \u0434\u0435\u043b\u0430\u0435\u0442 MiCollab \u043f\u0440\u0438\u0432\u043b\u0435\u043a\u0430\u0442\u0435\u043b\u044c\u043d\u043e\u0439 \u0446\u0435\u043b\u044c\u044e \u0434\u043b\u044f \u0445\u0430\u043a\u0435\u0440\u043e\u0432 \u0438 \u0432\u044b\u043c\u043e\u0433\u0430\u0442\u0435\u043b\u0435\u0439.\n\n\u0412 \u043c\u0430\u0435 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 watchTowr \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0438 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0443\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2024-35286 (\u043e\u0446\u0435\u043d\u043a\u0430 CVSS: 9.8) \u0432 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0435 NuPoint Unified Messaging (NPM) \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b MiCollab, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u043b\u0430 \u043d\u0435\u0430\u0432\u0442\u043e\u0440\u0438\u0437\u043e\u0432\u0430\u043d\u043d\u044b\u043c \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u043f\u043e\u043b\u0443\u0447\u0430\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0447\u0443\u0432\u0441\u0442\u0432\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0438 \u0441 \u0431\u0430\u0437\u043e\u0439 \u0434\u0430\u043d\u043d\u044b\u0445. \u041d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u043a \u0431\u044b\u043b \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d \u0432 \u043c\u0430\u0435.\n\n\u041f\u043e\u0437\u0434\u043d\u0435\u0435 \u043a\u043e\u043c\u0430\u043d\u0434\u0430 \u0432\u044b\u044f\u0432\u0438\u043b\u0430 \u0435\u0449\u0435 \u043e\u0434\u043d\u0443 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0435 NPM ( CVE-2024-41713 , \u043e\u0446\u0435\u043d\u043a\u0430 CVSS: 7.5), \u0432\u044b\u0437\u0432\u0430\u043d\u043d\u0443\u044e \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u043e\u0439 \u0432\u0445\u043e\u0434\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445. \u041f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u043e\u0442\u043a\u0440\u044b\u0432\u0430\u043b\u0430 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c \u043e\u0431\u0445\u043e\u0434\u0430 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0438 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u043b\u0430 \u0445\u0430\u043a\u0435\u0440\u0430\u043c \u043f\u0440\u043e\u0441\u043c\u0430\u0442\u0440\u0438\u0432\u0430\u0442\u044c, \u0438\u0437\u043c\u0435\u043d\u044f\u0442\u044c \u0438\u043b\u0438 \u0443\u0434\u0430\u043b\u044f\u0442\u044c \u0434\u0430\u043d\u043d\u044b\u0435 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 \u0438 \u0441\u0438\u0441\u0442\u0435\u043c\u043d\u044b\u0435 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438. \u0418\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u0431\u044b\u043b\u043e \u0432\u044b\u043f\u0443\u0449\u0435\u043d\u043e \u0432 \u043e\u043a\u0442\u044f\u0431\u0440\u0435.\n\n\u0412 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u0435 \u0438\u0437\u0443\u0447\u0435\u043d\u0438\u044f \u0434\u0430\u043d\u043d\u044b\u0445 \u043e\u0448\u0438\u0431\u043e\u043a \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0432\u044b\u044f\u0432\u0438\u043b\u0438 \u0442\u0440\u0435\u0442\u044c\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u043e\u043a\u0430 \u043d\u0435 \u043f\u043e\u043b\u0443\u0447\u0438\u043b\u0430 CVE-\u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440 \u0438 \u043e\u0441\u0442\u0430\u0451\u0442\u0441\u044f \u043d\u0435\u0443\u0441\u0442\u0440\u0430\u043d\u0451\u043d\u043d\u043e\u0439. \u041f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u043c \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u0447\u0438\u0442\u0430\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0435 \u0444\u0430\u0439\u043b\u044b, \u0432\u043a\u043b\u044e\u0447\u0430\u044f \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438 \u0432\u0430\u0436\u043d\u044b\u0435 \u0441\u0438\u0441\u0442\u0435\u043c\u043d\u044b\u0435, \u043d\u0430\u043f\u0440\u0438\u043c\u0435\u0440 \u00ab/etc/passwd\u00bb. \u0414\u043b\u044f \u043e\u0431\u0445\u043e\u0434\u0430 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u043e\u0431\u044a\u0435\u0434\u0438\u043d\u0438\u043b\u0438 \u044d\u0442\u0443 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441 CVE-2024-41713 \u0432 \u0440\u0430\u043c\u043a\u0430\u0445 \u0441\u0432\u043e\u0435\u0433\u043e PoC.\n\n\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0441\u043e\u043e\u0431\u0449\u0438\u043b\u0438 \u043e \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0435 26 \u0430\u0432\u0433\u0443\u0441\u0442\u0430. \u0412 \u043e\u043a\u0442\u044f\u0431\u0440\u0435 Mitel \u043e\u0431\u0435\u0449\u0430\u043b\u0430 \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u0442\u044c \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0432 \u043f\u0435\u0440\u0432\u0443\u044e \u043d\u0435\u0434\u0435\u043b\u044e \u0434\u0435\u043a\u0430\u0431\u0440\u044f, \u043e\u0434\u043d\u0430\u043a\u043e \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u0434\u043e \u0441\u0438\u0445 \u043f\u043e\u0440 \u043d\u0435 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u0435\u043d\u043e. \u0412 watchTowr \u0437\u0430\u044f\u0432\u0438\u043b\u0438, \u0447\u0442\u043e, \u0443\u0447\u0438\u0442\u044b\u0432\u0430\u044f \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439 \u0441\u043f\u0443\u0441\u0442\u044f \u0431\u043e\u043b\u0435\u0435 100 \u0434\u043d\u0435\u0439 \u0441 \u043c\u043e\u043c\u0435\u043d\u0442\u0430 \u0443\u0432\u0435\u0434\u043e\u043c\u043b\u0435\u043d\u0438\u044f, \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0435 \u0431\u044b\u043b\u0430 \u0432\u043a\u043b\u044e\u0447\u0435\u043d\u0430 \u0432 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u044b\u0439 \u043e\u0442\u0447\u0435\u0442.\n\n\ud83d\udd14 ITsec NEWS", "creation_timestamp": "2024-12-06T19:07:19.000000Z"}, {"uuid": "bd204a24-c835-4401-bad9-ce697cf509bb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-35280", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/1733", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-35280\n\ud83d\udd39 Description: A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiDeceptor 3.x all versions, 4.x all versions, 5.0 all versions, 5.1 all versions, version 5.2.0, and version 5.3.0 may allow an attacker to perform a reflected cross-site scripting attack in the recovery endpoints\n\ud83d\udccf Published: 2025-01-15T10:07:14.953Z\n\ud83d\udccf Modified: 2025-01-15T10:07:14.953Z\n\ud83d\udd17 References:\n1. https://fortiguard.fortinet.com/psirt/FG-IR-24-010", "creation_timestamp": "2025-01-15T11:14:39.000000Z"}, {"uuid": "842e0f89-9a51-4458-a307-676913851313", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-35281", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/16138", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-35281\n\ud83d\udd25 CVSS Score: 2.3 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R)\n\ud83d\udd39 Description: An improper isolation or compartmentalization vulnerability [CWE-653] in FortiClientMac version 7.4.2 and below, version 7.2.8 and below, 7.0 all versions and FortiVoiceUCDesktop 3.0 all versions desktop application may allow an authenticated attacker to inject code via Electron environment variables.\n\ud83d\udccf Published: 2025-05-13T14:46:42.574Z\n\ud83d\udccf Modified: 2025-05-13T15:17:58.536Z\n\ud83d\udd17 References:\n1. https://fortiguard.fortinet.com/psirt/FG-IR-24-025", "creation_timestamp": "2025-05-13T15:31:11.000000Z"}, {"uuid": "57b81f80-8c3d-4279-b9ff-20c3495cf937", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-35286", "type": "seen", "source": "https://t.me/CyberBulletin/1692", "content": "\u26a1\ufe0fWhere There\u2019s Smoke, There\u2019s Fire - Mitel MiCollab CVE-2024-35286, CVE-2024-41713 And An 0day.\n\n#CyberBulletin", "creation_timestamp": "2024-12-05T17:07:42.000000Z"}, {"uuid": "f8b2288e-8f3c-463e-b32a-afaf9f3480c8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-35280", "type": "seen", "source": "https://t.me/cvedetector/15435", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-35280 - Fortinet FortiDeceptor Cross-Site Scripting (XSS)\", \n  \"Content\": \"CVE ID : CVE-2024-35280 \nPublished : Jan. 15, 2025, 11:15 a.m. | 17\u00a0minutes ago \nDescription : A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiDeceptor 3.x all versions, 4.x all versions, 5.0 all versions, 5.1 all versions, version 5.2.0, and version 5.3.0 may allow an attacker to perform a reflected cross-site scripting attack in the recovery endpoints \nSeverity: 5.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"15 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-15T12:36:14.000000Z"}, {"uuid": "fa431c8d-8adf-4a38-8be5-4c98eb287893", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-35285", "type": "seen", "source": "https://t.me/cvedetector/8584", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-35285 - Mitel MiCollab NuPoint Messenger Command Injection\", \n  \"Content\": \"CVE ID : CVE-2024-35285 \nPublished : Oct. 21, 2024, 9:15 p.m. | 39\u00a0minutes ago \nDescription : A vulnerability in NuPoint Messenger (NPM) of Mitel MiCollab through 9.8.0.33 allows an unauthenticated attacker to conduct a command injection attack due to insufficient parameter sanitization. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"21 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-22T00:24:31.000000Z"}, {"uuid": "26dd20a2-3da5-4996-be28-01acf1dcc466", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-35287", "type": "seen", "source": "https://t.me/cvedetector/8578", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-35287 - Mitel MiCollab NuPoint Messenger Privilege Escalation vulnerablility\", \n  \"Content\": \"CVE ID : CVE-2024-35287 \nPublished : Oct. 21, 2024, 9:15 p.m. | 39\u00a0minutes ago \nDescription : A vulnerability in the NuPoint Messenger (NPM) component of Mitel MiCollab through version 9.8 SP1 (9.8.1.5) could allow an authenticated attacker with administrative privilege to conduct a privilege escalation attack due to the execution of a resource with unnecessary privileges. A successful exploit could allow an attacker to execute arbitrary commands with elevated privileges. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"21 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-22T00:24:24.000000Z"}, {"uuid": "4704d2ac-ec7e-4b30-a0fe-4370f0370e5f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-35286", "type": "seen", "source": "https://t.me/cvedetector/8577", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-35286 - Mitel MiCollab NuPoint Messenger SQL Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-35286 \nPublished : Oct. 21, 2024, 9:15 p.m. | 39\u00a0minutes ago \nDescription : A vulnerability in NuPoint Messenger (NPM) of Mitel MiCollab through 9.8.0.33 allows an unauthenticated attacker to conduct a SQL injection attack due to insufficient sanitization of user input. A successful exploit could allow an attacker to access sensitive information and execute arbitrary database and management operations. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"21 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-22T00:24:20.000000Z"}, {"uuid": "1638b5b2-5d45-4b3a-ac7a-3ae43379ad51", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-35288", "type": "seen", "source": "https://t.me/cvedetector/7419", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-35288 - Nitro PDF Pro Local Privilege Escalation\", \n  \"Content\": \"CVE ID : CVE-2024-35288 \nPublished : Oct. 9, 2024, 4:15 a.m. | 38\u00a0minutes ago \nDescription : Nitro PDF Pro before 13.70.8.82 and 14.x before 14.26.1.0 allows Local Privilege Escalation in the MSI Installer because custom actions occur unsafely in repair mode. CertUtil is run in a conhost.exe window, and there is a mechanism allowing CTRL+o to launch cmd.exe as NT AUTHORITY\\SYSTEM. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"09 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-09T07:17:01.000000Z"}, {"uuid": "e522ff57-7160-4817-b451-566446ea25a8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-35282", "type": "seen", "source": "https://t.me/cvedetector/5245", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-35282 - FortiClient VPN iOS Cleartext Password Storage Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-35282 \nPublished : Sept. 10, 2024, 3:15 p.m. | 45\u00a0minutes ago \nDescription : A cleartext storage of sensitive information in memory vulnerability [CWE-316] affecting FortiClient VPN iOS 7.2 all versions, 7.0 all versions, 6.4 all versions, 6.2 all versions, 6.0 all versions may allow an unauthenticated attacker that has physical access to a jailbroken device to obtain cleartext passwords via keychain dump. \nSeverity: 4.2 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"10 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-10T18:25:14.000000Z"}, {"uuid": "cfd8c442-2b9d-4c75-92a7-e2434b621d9a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3528", "type": "seen", "source": "Telegram/WPVmY2QdyvheSL2lRVumyWSYYgld-uk9NkZ_lwr-6qYp8oq_", "content": "", "creation_timestamp": "2025-02-19T22:21:29.000000Z"}, {"uuid": "1d80be9a-db2f-46cd-b07c-a07964df5eab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-35280", "type": "seen", "source": "Telegram/2f6tuqJwwVByNITadP7AGK80EgvpojkAE8IcAkZEyE42Tznb", "content": "", "creation_timestamp": "2025-02-06T02:40:19.000000Z"}, {"uuid": "168aef26-5590-4237-a38d-57d8eb1702ff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-35286", "type": "seen", "source": "https://t.me/true_secator/6517", "content": "\u041f\u0440\u043e\u0434\u043e\u043b\u0436\u0430\u0435\u043c \u0441\u043b\u0435\u0434\u0438\u0442\u044c \u0437\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0438\u043c\u0438 \u043d\u043e\u0432\u043e\u0441\u0442\u044f\u043c\u0438 \u0438\u0437 \u043c\u0438\u0440\u0430 CVE. \u041f\u043e\u0434 \u043a\u043e\u043d\u0435\u0446 \u043d\u0435\u0434\u0435\u043b\u0438 \u0441\u0438\u0442\u0443\u0430\u0446\u0438\u044f \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0430\u044f:\n\n1. \u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 watchTowr \u0441\u043e\u043e\u0431\u0449\u0430\u044e\u0442\u00a0\u043e\u0431 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u0438 0-day, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u043e\u0439 \u0441 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u043c \u0447\u0442\u0435\u043d\u0438\u0435\u043c \u0444\u0430\u0439\u043b\u043e\u0432 \u043d\u0430 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0435 VoIP Mitel MiCollab, \u043e \u043a\u043e\u0442\u043e\u0440\u043e\u0439 \u043f\u043e\u0441\u0442\u0430\u0432\u0449\u0438\u043a\u0430 \u0443\u0432\u0435\u0434\u043e\u043c\u0438\u043b\u0438 \u0435\u0449\u0435 \u0432 \u0430\u0432\u0433\u0443\u0441\u0442\u0435.\n\n\u041d\u0430 \u0434\u0430\u043d\u043d\u044b\u0439 \u043c\u043e\u043c\u0435\u043d\u0442 CVE \u043d\u0435 \u043f\u0440\u0438\u0441\u0432\u043e\u0435\u043d\u0430 \u0438 \u043d\u0435 \u0432\u044b\u043f\u0443\u0449\u0435\u043d\u043e \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435.\n\n\u041e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u0442\u044c \u043d\u043e\u043b\u044c \u0443\u0434\u0430\u043b\u043e\u0441\u044c, \u044d\u043a\u0441\u043f\u0435\u0440\u0438\u043c\u0435\u043d\u0442\u0438\u0440\u0443\u044f \u0441 \u043c\u0435\u0442\u043e\u0434\u0430\u043c\u0438 \u043e\u0431\u0445\u043e\u0434\u0430 \u043f\u0443\u0442\u0438 \u0438 \u043c\u0430\u043d\u0438\u043f\u0443\u043b\u044f\u0446\u0438\u0438 \u0432\u0432\u043e\u0434\u043e\u043c.\n\n\u0412 \u0447\u0430\u0441\u0442\u043d\u043e\u0441\u0442\u0438, \u0432 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u0435 \u0438\u0437\u0443\u0447\u0435\u043d\u0438\u044f CVE-2024-35286, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u043e\u0439 \u0441 SQL-\u0438\u043d\u044a\u0435\u043a\u0446\u0438\u0435\u0439 \u0438 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u043e\u0439 23 \u043c\u0430\u044f, \u0430 \u0442\u0430\u043a\u0436\u0435 CVE-2024-41713, \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u043e\u0439 \u043e\u0431\u0445\u043e\u0434\u0430 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438, \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u043d\u043e\u0439 9 \u043e\u043a\u0442\u044f\u0431\u0440\u044f.\n\n\u0412\u044b\u0436\u0434\u0430\u0432 \u0431\u043e\u043b\u0435\u0435 \u0447\u0435\u043c \u0447\u0435\u0440\u0435\u0437 100 \u0434\u043d\u0435\u0439 \u043f\u043e\u0441\u043b\u0435 \u0443\u0432\u0435\u0434\u043e\u043c\u043b\u0435\u043d\u0438\u044f Mitel, watchTowr \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043b\u0438 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0441\u0442\u0438 \u0438 PoC \u0434\u043b\u044f \u043d\u043e\u0432\u043e\u0439 0-day, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0441\u0432\u044f\u0437\u044b\u0432\u0430\u0435\u0442 \u043e\u0448\u0438\u0431\u043a\u0443 \u0441 CVE-2024-41713.\n\n\u0422\u0430\u043a \u0447\u0442\u043e \u0432\u043b\u0430\u0434\u0435\u043b\u044c\u0446\u0430\u043c \u0431\u043e\u043b\u0435\u0435 16\u00a0000 \u044d\u043a\u0437\u0435\u043c\u043f\u043b\u044f\u0440\u043e\u0432 MiCollab, \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u0445 \u0432 \u0441\u0435\u0442\u0438, \u0441\u043b\u0435\u0434\u0443\u0435\u0442 \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c\u0441\u044f \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 MiCollab 9.8 SP2 (9.8.2.12), \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0443\u0441\u0442\u0440\u0430\u043d\u044f\u0435\u0442 CVE-2024-41713, \u0441\u043c\u044f\u0433\u0447\u0430\u044f \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u043e\u0435 \u0447\u0442\u0435\u043d\u0438\u0435 \u0444\u0430\u0439\u043b\u043e\u0432.\u00a0\n\n2. \u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 Rapid7 \u0432\u044b\u044f\u0432\u0438\u043b\u0438 \u0438 \u043e\u043a\u0430\u0437\u0430\u043b\u0438 \u043f\u043e\u0441\u0438\u043b\u044c\u043d\u0443\u044e \u043f\u043e\u043c\u043e\u0449\u044c \u0432 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438 \u043f\u044f\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432 \u043a\u0430\u043c\u0435\u0440\u0430\u0445 \u0432\u0438\u0434\u0435\u043e\u043d\u0430\u0431\u043b\u044e\u0434\u0435\u043d\u0438\u044f Lorex\u00a02K Wi-Fi.\n\n\u0423\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u043e \u0431\u044b\u043b\u043e \u0437\u0430\u044f\u0432\u043b\u0435\u043d\u043e \u0432 \u043a\u0430\u0447\u0435\u0441\u0442\u0432\u0435 \u043e\u0434\u043d\u043e\u0439 \u0438\u0437 \u0446\u0435\u043b\u0435\u0439 \u043d\u0430 \u0445\u0430\u043a\u0435\u0440\u0441\u043a\u043e\u043c \u043a\u043e\u043d\u043a\u0443\u0440\u0441\u0435 Pwn2Own IoT 2024 \u0433\u043e\u0434\u0430, \u0432 \u0440\u0430\u043c\u043a\u0430\u0445 \u043a\u043e\u0442\u043e\u0440\u043e\u0433\u043e Rapid7 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0430\u043b\u0430 \u0438 \u043f\u0440\u043e\u0434\u0435\u043c\u043e\u043d\u0441\u0442\u0440\u0438\u0440\u043e\u0432\u0430\u043b\u0430 \u0446\u0435\u043f\u043e\u0447\u043a\u0443 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u043e\u0432, \u043d\u0430\u0446\u0435\u043b\u0435\u043d\u043d\u044b\u0445 \u043d\u0430 \u043f\u044f\u0442\u044c \u043e\u0442\u0434\u0435\u043b\u044c\u043d\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0440\u0430\u0431\u043e\u0442\u0430\u044e\u0442 \u0432 \u0434\u0432\u0430 \u044d\u0442\u0430\u043f\u0430, \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0438\u0432\u0430\u044f RCE \u0431\u0435\u0437 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438.\n\n3. Cisco \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0434\u043b\u044f NX-OS, \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u044f\u044e\u0449\u0435\u0435 \u043e\u0431\u0445\u043e\u0434 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u043e\u0431\u0440\u0430\u0437\u0430 \u043f\u0440\u043e\u0448\u0438\u0432\u043a\u0438, \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043d\u044b\u0439 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c\u0438 Google Cloud.\n\n\u041e\u043f\u0430\u0441\u043d\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u043e\u0431\u043e\u0437\u043d\u0430\u0447\u0435\u043d\u043d\u0430\u044f \u043a\u0430\u043a CVE-2024-20397, \u043e\u0431\u0443\u0441\u043b\u043e\u0432\u043b\u0435\u043d\u0430 \u043d\u0435\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u044b\u043c\u0438 \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0430\u043c\u0438 \u0437\u0430\u0433\u0440\u0443\u0437\u0447\u0438\u043a\u0430, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u043d\u044b\u0435 \u043a\u043e\u043c\u0430\u043d\u0434\u044b \u0434\u043b\u044f \u043e\u0431\u0445\u043e\u0434\u0430 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u0430 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0438 \u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0438 \u043d\u0435\u043f\u0440\u043e\u0432\u0435\u0440\u0435\u043d\u043d\u043e\u0433\u043e \u041f\u041e.\n\n\u0414\u043b\u044f \u0443\u0441\u043f\u0435\u0448\u043d\u043e\u0439 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043d\u0435 \u0442\u0440\u0435\u0431\u0443\u0435\u0442\u0441\u044f \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u044f, \u043d\u043e \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c \u0444\u0438\u0437\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0434\u043e\u0441\u0442\u0443\u043f.\n\n\u041e\u0448\u0438\u0431\u043a\u0430 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u0431\u043e\u043b\u0435\u0435 100 \u043c\u043e\u0434\u0435\u043b\u0435\u0439 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432, \u0432\u043a\u043b\u044e\u0447\u0430\u044f \u043a\u043e\u043c\u043c\u0443\u0442\u0430\u0442\u043e\u0440\u044b \u0441\u0435\u0440\u0438\u0438 MDS 9000, Nexus 3000 \u0438 7000, Nexus 9000 \u0432 \u0440\u0435\u0436\u0438\u043c\u0435 ACI, Nexus 9000 \u0432 \u0430\u0432\u0442\u043e\u043d\u043e\u043c\u043d\u043e\u043c \u0440\u0435\u0436\u0438\u043c\u0435 NX-OS, UCS 6400 \u0438 6500.\n\n4. \u0417\u0430\u0445\u0430\u0440 \u0424\u0435\u0434\u043e\u0442\u043a\u0438\u043d \u0438\u0437 PortSwigger \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043b \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u0435 \u043e \u0442\u043e\u043c, \u043a\u0430\u043a \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043c\u043e\u0433\u0443\u0442 \u043e\u0431\u0445\u043e\u0434\u0438\u0442\u044c WAF \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0430\u0442\u0440\u0438\u0431\u0443\u0442\u0430 $Version \u0432 \u0437\u0430\u0433\u043e\u043b\u043e\u0432\u043e\u0447\u043d\u044b\u0445 \u0444\u0430\u0439\u043b\u0430\u0445 cookie.\n\n5. \u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 JFrog \u0432\u044b\u044f\u0432\u0438\u043b\u0438 \u043c\u043d\u043e\u0433\u043e\u0447\u0438\u0441\u043b\u0435\u043d\u043d\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u0432\u043b\u0438\u044f\u044e\u0449\u0438\u0435 \u043d\u0430 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u044b \u0438 \u0444\u0440\u0435\u0439\u043c\u0432\u043e\u0440\u043a\u0438 \u043c\u0430\u0448\u0438\u043d\u043d\u043e\u0433\u043e \u043e\u0431\u0443\u0447\u0435\u043d\u0438\u044f (\u041c\u041e) \u0441 \u043e\u0442\u043a\u0440\u044b\u0442\u044b\u043c \u0438\u0441\u0445\u043e\u0434\u043d\u044b\u043c \u043a\u043e\u0434\u043e\u043c, \u0442\u0430\u043a\u0438\u0435 \u043a\u0430\u043a MLflow, H2O, PyTorch \u0438 MLeap, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043c\u043e\u0433\u0443\u0442 \u043e\u0442\u043a\u0440\u044b\u0442\u044c \u043f\u0443\u0442\u044c \u0434\u043b\u044f RCE.\n\n\u0412 \u0434\u043e\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u043a \u043d\u0430\u0431\u043e\u0440\u0443 \u0440\u0430\u043d\u0435\u0435 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043d\u044b\u0445 \u043f\u0440\u043e\u0431\u043b\u0435\u043c, JFrog \u043f\u0440\u0438\u0441\u043e\u0432\u043e\u043a\u0443\u043f\u0438\u043b\u0430: CVE-2024-27132\u00a0(7,2), CVE-2024-6960\u00a0(7,5), CVE-2023-5245\u00a0(7,5), \u043e\u0434\u043d\u0430 \u0431\u0435\u0437 CVE (\u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u043e\u0431\u0445\u043e\u0434\u0430 \u043f\u0443\u0442\u0438 \u0432 \u0444\u0443\u043d\u043a\u0446\u0438\u0438 TorchScript \u0432 PyTorch).", "creation_timestamp": "2024-12-06T18:30:05.000000Z"}, {"uuid": "9d61e5b6-ca8c-4cad-a3da-4fcf2298b51a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-35286", "type": "published-proof-of-concept", "source": "https://t.me/thebugbountyhunter/9404", "content": "Where There\u2019s Smoke, There\u2019s Fire - Mitel MiCollab CVE-2024-35286, CVE-2024-41713 And An 0day\n\nhttps://labs.watchtowr.com/where-theres-smoke-theres-fire-mitel-micollab-cve-2024-35286-cve-2024-41713-and-an-0day/", "creation_timestamp": "2024-12-05T14:44:20.000000Z"}, {"uuid": "01868348-ae2a-42e3-8660-95155c372888", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-35286", "type": "seen", "source": "https://t.me/CyberBulletin/26710", "content": "\u26a1\ufe0fWhere There\u2019s Smoke, There\u2019s Fire - Mitel MiCollab CVE-2024-35286, CVE-2024-41713 And An 0day.\n\n#CyberBulletin", "creation_timestamp": "2024-12-05T17:07:42.000000Z"}, {"uuid": "b58131bd-8ba3-4c60-a90e-c5e6ec23bb74", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-35286", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/11522", "content": "#exploit\n1. CVE-2024-46538:\nPfSense Stored XSS\nhttps://github.com/LauLeysen/CVE-2024-46538\n\n2. CVE-2024-35286/41713:\nMitel MiCollab SQLI / Path Traversal\nhttps://labs.watchtowr.com/where-theres-smoke-theres-fire-mitel-micollab-cve-2024-35286-cve-2024-41713-and-an-0day\n\n3. CVE-2023-6200:\nLinux Kernel ICMPv6 Race Condtion\nhttps://u1f383.github.io/linux/2024/12/04/linux-kernel-icmpv6-and-cve-2023-6200.html", "creation_timestamp": "2024-12-06T11:00:37.000000Z"}, {"uuid": "e34272c9-6dfe-4d39-b900-69a8f07de6dd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-35286", "type": "published-proof-of-concept", "source": "https://t.me/Rootsec_2/5389", "content": "#exploit\n1. CVE-2024-46538:\nPfSense Stored XSS\nhttps://github.com/LauLeysen/CVE-2024-46538\n\n2. CVE-2024-35286/41713:\nMitel MiCollab SQLI / Path Traversal\nhttps://labs.watchtowr.com/where-theres-smoke-theres-fire-mitel-micollab-cve-2024-35286-cve-2024-41713-and-an-0day\n\n3. CVE-2023-6200:\nLinux Kernel ICMPv6 Race Condtion\nhttps://u1f383.github.io/linux/2024/12/04/linux-kernel-icmpv6-and-cve-2023-6200.html", "creation_timestamp": "2024-12-06T10:12:49.000000Z"}, {"uuid": "9aeaa6e7-1549-4382-89c5-5cab96e60007", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-35286", "type": "seen", "source": "https://t.me/brutsecurity/1176", "content": "\ud83d\udea8CVE-2024-35286 &amp; CVE-2024-41713:Critical Mitel MiCollab Flaw Exposes Systems to Unauthorized File and Admin Access\n\n\ud83d\udd25PoC: https://github.com/watchtowrlabs/Mitel-MiCollab-Auth-Bypass_CVE-2024-41713\n\n\ud83d\udc47Dorks\nHUNTER:/product.name=\"Mitel MiCollab\"\nSHODAN: http.favicon.hash:-1922044295\nFOFA: app=\"Mitel-Network-Products\"", "creation_timestamp": "2026-07-09T04:00:11.566187Z"}, {"uuid": "ba5b4912-4d45-45bf-b37a-90d38bb06289", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-35286", "type": "seen", "source": "https://t.me/brutsecurity/1176", "content": "\ud83d\udea8CVE-2024-35286 &amp; CVE-2024-41713:Critical Mitel MiCollab Flaw Exposes Systems to Unauthorized File and Admin Access\n\n\ud83d\udd25PoC: https://github.com/watchtowrlabs/Mitel-MiCollab-Auth-Bypass_CVE-2024-41713\n\n\ud83d\udc47Dorks\nHUNTER:/product.name=\"Mitel MiCollab\"\nSHODAN: http.favicon.hash:-1922044295\nFOFA: app=\"Mitel-Network-Products\"", "creation_timestamp": "2026-07-10T00:00:35.723770Z"}, {"uuid": "94264734-b18c-400c-a5bb-1584700e3350", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-35286", "type": "published-proof-of-concept", "source": "https://t.me/brutsecurity/1176", "content": "\ud83d\udea8CVE-2024-35286 &amp; CVE-2024-41713:Critical Mitel MiCollab Flaw Exposes Systems to Unauthorized File and Admin Access\n\n\ud83d\udd25PoC: https://github.com/watchtowrlabs/Mitel-MiCollab-Auth-Bypass_CVE-2024-41713\n\n\ud83d\udc47Dorks\nHUNTER:/product.name=\"Mitel MiCollab\"\nSHODAN: http.favicon.hash:-1922044295\nFOFA: app=\"Mitel-Network-Products\"", "creation_timestamp": "2026-07-11T16:00:03.233866Z"}, {"uuid": "07ecdd8d-f81c-469b-b0c2-5f2ccb71f0b8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-35286", "type": "published-proof-of-concept", "source": "https://t.me/brutsecurity/1176", "content": "\ud83d\udea8CVE-2024-35286 &amp; CVE-2024-41713:Critical Mitel MiCollab Flaw Exposes Systems to Unauthorized File and Admin Access\n\n\ud83d\udd25PoC: https://github.com/watchtowrlabs/Mitel-MiCollab-Auth-Bypass_CVE-2024-41713\n\n\ud83d\udc47Dorks\nHUNTER:/product.name=\"Mitel MiCollab\"\nSHODAN: http.favicon.hash:-1922044295\nFOFA: app=\"Mitel-Network-Products\"", "creation_timestamp": "2026-07-12T00:00:45.944693Z"}]}