{"vulnerability": "cve-2022-3602", "sightings": [{"uuid": "aff3351f-79e6-4d06-9450-0f461bddc3bc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3602", "type": "seen", "source": "https://msrc.microsoft.com/blog/2022/11/microsoft-guidance-related-to-openssl-risk-cve-2022-3786-and-cve-2202-3602/", "content": "", "creation_timestamp": "2022-11-02T06:00:00.000000Z"}, {"uuid": "b6468554-88c7-4be9-b953-0e8774f46c61", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3602", "type": "seen", "source": "https://bsky.app/profile/bluesky.awakari.com/post/3lwbpuafm3s2z", "content": "", "creation_timestamp": "2025-08-13T11:28:24.934631Z"}, {"uuid": "f02bd99c-6c41-4b30-b442-5c8f9e3fe671", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3602", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/3200", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aDetects attempts at exploitation of CVE-2022-3602, a remote code execution vulnerability in OpenSSL v 3.0.0 through v.3.0.6 \nURL\uff1ahttps://github.com/corelight/CVE-2022-3602\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-11-08T22:46:19.000000Z"}, {"uuid": "28f82ff4-39eb-42ab-8bc4-4999f71a1173", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3602", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/3159", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aSpookySSL CVE-2022-3602 SSLv3 Scanner for Windows, Linux, 
macOS\nURL\uff1ahttps://github.com/alicangnll/SpookySSL-Scanner\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-11-02T12:33:49.000000Z"}, {"uuid": "789cd4af-f423-40bb-bb42-555f11443a78", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3602", "type": "seen", "source": "https://t.me/GithubRedTeam/3165", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aOperational information regarding CVE-2022-3602 and CVE-2022-3786, two vulnerabilities in OpenSSL 3\nURL\uff1ahttps://github.com/NCSC-NL/OpenSSL-2022\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-11-02T15:02:30.000000Z"}, {"uuid": "d77d9410-2cab-4f44-a7e8-57fba535477f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3602", "type": "seen", "source": "https://gist.github.com/mrmps/37e0bfc1524af08c45deece8c02b46de", "content": "", "creation_timestamp": "2025-08-27T18:26:43.000000Z"}, {"uuid": "81a826a3-dd94-4059-a322-c876ad109e8e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2022-3602", "type": "seen", "source": "https://www.kyberturvallisuuskeskus.fi/fi/haavoittuvuus_20/2022", "content": "", "creation_timestamp": "2022-11-01T17:25:50.000000Z"}, {"uuid": "7b1a4c57-f8d4-4992-867d-85293500488f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3602", "type": "published-proof-of-concept", "source": "https://t.me/cKure/10368", "content": "\u25a0\u25a0\u25a0\u25a0\u25a1 Zero-day: The OpenSSL punycode vulnerability (CVE-2022-3602): Overview, detection, exploitation, and 
remediation.\n\nhttps://securitylabs.datadoghq.com/articles/openssl-november-1-vulnerabilities/", "creation_timestamp": "2022-11-03T05:52:03.000000Z"}, {"uuid": "b825f2c2-ada5-43a7-8493-943d79e92da3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3602", "type": "seen", "source": "https://t.me/ctinow/72828", "content": "Security Advisory for OpenSSL Vulnerabilities CVE-2022-3602 &amp; CVE-2022-3786\n\nhttps://ift.tt/upNe8F5", "creation_timestamp": "2022-11-02T09:51:28.000000Z"}, {"uuid": "b7bcd468-9d8a-4e08-9ec2-72505f7a7d00", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3602", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/3455", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aOperational information regarding CVE-2022-3602 and CVE-2022-3786, two vulnerabilities in OpenSSL 3\nURL\uff1ahttps://github.com/NCSC-NL/OpenSSL-2022\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-11-18T15:57:59.000000Z"}, {"uuid": "42359d69-b3df-4d00-b521-c0d3ae22135a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3602", "type": "seen", "source": "https://t.me/ics_cert/671", "content": "\u063a\u0648\u0644\u200c\u0647\u0627\u06cc \u0635\u0646\u0639\u062a\u06cc \u0632\u06cc\u0645\u0646\u0633 \u0648 \u0627\u0634\u0646\u0627\u06cc\u062f\u0631 \u0627\u0644\u06a9\u062a\u0631\u06cc\u06a9 \u0628\u06cc\u0634 \u0627\u0632 140 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u0631\u0627 \u0628\u0627 \u0628\u0647\u200c\u0631\u0648\u0632\u0631\u0633\u0627\u0646\u06cc\u200c\u0647\u0627\u06cc \u062e\u0648\u062f \u062f\u0631 \u062f\u0633\u0627\u0645\u0628\u0631 2022 
\u0628\u0631\u0637\u0631\u0641 \u06a9\u0631\u062f\u0647\u200c\u0627\u0646\u062f.\n\u0632\u06cc\u0645\u0646\u0633 80 \u0646\u0642\u0635 OpenSSL \u0648 OpenSSH \u0631\u0627 \u062f\u0631 \u0633\u0648\u0626\u06cc\u0686 \u0647\u0627 \u0631\u0641\u0639 \u06a9\u0631\u062f\n\n\u0632\u06cc\u0645\u0646\u0633\n\n\u0637\u0628\u0642 \u0645\u0639\u0645\u0648\u0644\u060c \u0632\u06cc\u0645\u0646\u0633 \u062a\u0648\u0635\u06cc\u0647 \u0647\u0627\u06cc \u0628\u0633\u06cc\u0627\u0631 \u0628\u06cc\u0634\u062a\u0631\u06cc \u0645\u0646\u062a\u0634\u0631 \u06a9\u0631\u062f \u0648 \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u0647\u0627\u06cc \u0628\u06cc\u0634\u062a\u0631\u06cc \u0631\u0627 \u0628\u0631\u0637\u0631\u0641 \u06a9\u0631\u062f. \u0628\u0647 \u0637\u0648\u0631 \u062e\u0627\u0635\u060c \u0627\u06cc\u0646 \u0634\u0631\u06a9\u062a 20 \u062a\u0648\u0635\u06cc\u0647 \u062c\u062f\u06cc\u062f \u0631\u0627 \u0645\u0646\u062a\u0634\u0631 \u06a9\u0631\u062f \u06a9\u0647 \u0628\u0647 \u062d\u062f\u0648\u062f 140 \u062d\u0641\u0631\u0647 \u0627\u0645\u0646\u06cc\u062a\u06cc \u067e\u0631\u062f\u0627\u062e\u062a\u0647 \u0627\u0633\u062a.\n\n\u06cc\u06a9\u06cc \u0627\u0632 \u0627\u06cc\u0646 \u062a\u0648\u0635\u06cc\u0647\u200c\u0647\u0627 \u0645\u0634\u062a\u0631\u06cc\u0627\u0646 \u0631\u0627 \u062f\u0631 \u0645\u0648\u0631\u062f \u0648\u0635\u0644\u0647\u200c\u0647\u0627\u06cc \u0628\u06cc\u0634 \u0627\u0632 80 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc OpenSSL \u0648 OpenSSH \u06a9\u0647 \u0628\u0631 \u0633\u0648\u0626\u06cc\u0686\u200c\u0647\u0627\u06cc Scalance X-200RNA \u0622\u0646 \u062a\u0623\u062b\u06cc\u0631 \u0645\u06cc\u200c\u06af\u0630\u0627\u0631\u062f\u060c \u0622\u06af\u0627\u0647 \u0645\u06cc\u200c\u06a9\u0646\u062f . CVE \u0647\u0627\u06cc \u0630\u06a9\u0631 \u0634\u062f\u0647 \u062f\u0631 \u0645\u062d\u062f\u0648\u062f\u0647 \u0645\u0634\u0627\u0648\u0631\u0647 \u0628\u06cc\u0646 \u0633\u0627\u0644 \u0647\u0627\u06cc 2003 \u0648 2019. 
\u0627\u06cc\u0646 \u062a\u0646\u0647\u0627 \u062a\u0648\u0635\u06cc\u0647 \u0627\u06cc \u0627\u0633\u062a \u06a9\u0647 \u062f\u0631\u062c\u0647 \u0628\u0646\u062f\u06cc \u0634\u062f\u062a \u06a9\u0644\u06cc \u0622\u0646 \"\u0628\u062d\u0631\u0627\u0646\u06cc\" \u0627\u0633\u062a.\n\n\u0647\u0645\u06cc\u0646 \u0633\u0648\u0626\u06cc\u0686 \u0647\u0627 \u0647\u0645\u0686\u0646\u06cc\u0646 \u062a\u062d\u062a \u062a\u0623\u062b\u06cc\u0631 \u0634\u0634 \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u0628\u0627 \u0634\u062f\u062a \u0645\u062a\u0648\u0633\u0637 \u200b\u200b\u0648 \u0628\u0627\u0644\u0627 \u0642\u0631\u0627\u0631 \u0645\u06cc \u06af\u06cc\u0631\u0646\u062f \u06a9\u0647 \u0645\u06cc \u062a\u0648\u0627\u0646\u0646\u062f \u0628\u0631\u0627\u06cc \u062d\u0645\u0644\u0627\u062a \u0627\u0633\u06a9\u0631\u06cc\u067e\u062a \u0628\u06cc\u0646 \u0633\u0627\u06cc\u062a\u06cc (XSS)\u060c \u062d\u0645\u0644\u0627\u062a \u0627\u0646\u06a9\u0627\u0631 \u0633\u0631\u0648\u06cc\u0633 (DoS) \u0648 \u0631\u0628\u0648\u062f\u0646 \u062c\u0644\u0633\u0647 \u0645\u0648\u0631\u062f \u0633\u0648\u0621 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0642\u0631\u0627\u0631 \u06af\u06cc\u0631\u0646\u062f.\n\n\u0639\u0644\u0627\u0648\u0647 \u0628\u0631 \u0627\u06cc\u0646\u060c \u0632\u06cc\u0645\u0646\u0633 \u0628\u0647 \u0645\u0634\u062a\u0631\u06cc\u0627\u0646 \u0627\u0637\u0644\u0627\u0639 \u062f\u0627\u062f \u06a9\u0647 \u0628\u0631\u062e\u06cc \u0627\u0632 \u0645\u062d\u0635\u0648\u0644\u0627\u062a\u0634 \u062a\u062d\u062a \u062a\u0623\u062b\u06cc\u0631 \u062f\u0648 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc OpenSSL \u0627\u062e\u06cc\u0631\u0627\u064b \u0627\u0635\u0644\u0627\u062d\u200c\u0634\u062f\u0647 \u0628\u0627 \u0646\u0627\u0645\u200c\u0647\u0627\u06cc CVE-2022-3602 \u0648 CVE-2022-3786 \u0642\u0631\u0627\u0631 \u062f\u0627\u0631\u0646\u062f. 
CVE-2022-3602 \u062f\u0631 \u0627\u0628\u062a\u062f\u0627 \u0628\u0647 \u0639\u0646\u0648\u0627\u0646 \"\u0628\u062d\u0631\u0627\u0646\u06cc\" \u0637\u0628\u0642\u0647 \u0628\u0646\u062f\u06cc \u0634\u062f\u060c \u0627\u0645\u0627 \u0628\u0639\u062f\u0627 \u0628\u0647 \"\u0628\u0627\u0644\u0627\" \u062a\u0646\u0632\u0644 \u06cc\u0627\u0641\u062a .\n\n\u0627\u06cc\u0646 \u0634\u0631\u06a9\u062a \u0647\u0645\u0686\u0646\u06cc\u0646 \u0633\u0627\u0632\u0645\u0627\u0646\u200c\u0647\u0627\u06cc\u06cc \u0631\u0627 \u06a9\u0647 \u0627\u0632 \u0645\u062d\u0635\u0648\u0644\u0627\u062a\u0634 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0645\u06cc\u200c\u06a9\u0646\u0646\u062f \u062f\u0631 \u0645\u0648\u0631\u062f \u0645\u0634\u06a9\u0644\u0627\u062a \u0634\u062f\u06cc\u062f \u062f\u0631 \u0645\u062d\u0635\u0648\u0644\u0627\u062a Sicam PAS\u060c Apogee/Talon\u060c Mendix\u060c Teamcenter Visualization\u060c JT2Go\u060c Scalance\u060c Simatic\u060c Parasolid\u060c Ruggedcom \u0648 Simcenter STAR-CCM+ \u0645\u0637\u0644\u0639 \u06a9\u0631\u062f\u0647 \u0627\u0633\u062a.\n\n\u0628\u0647\u0631\u0647 \u0628\u0631\u062f\u0627\u0631\u06cc \u0627\u0632 \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u0647\u0627 \u0645\u06cc \u062a\u0648\u0627\u0646\u062f \u0645\u0646\u062c\u0631 \u0628\u0647 \u0627\u062c\u0631\u0627\u06cc \u06a9\u062f \u0627\u0632 \u0631\u0627\u0647 \u062f\u0648\u0631\u060c \u0627\u0641\u0632\u0627\u06cc\u0634 \u0627\u0645\u062a\u06cc\u0627\u0632\u0627\u062a\u060c \u062d\u0645\u0644\u0627\u062a DoS\u060c \u0627\u0641\u0634\u0627\u06cc \u0627\u0637\u0644\u0627\u0639\u0627\u062a \u0648 \u062f\u0633\u062a\u06a9\u0627\u0631\u06cc \u0627\u0637\u0644\u0627\u0639\u0627\u062a \u0634\u0648\u062f.\n\n\u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc\u200c\u0647\u0627\u06cc \u0628\u0627 \u0634\u062f\u062a \u0645\u062a\u0648\u0633\u0637 \u200b\u200b\u062f\u0631 \u0633\u0631\u0648\u0631 PLM \u0632\u06cc\u0645\u0646\u0633 (\u062f\u06cc\u06af\u0631 
\u067e\u0634\u062a\u06cc\u0628\u0627\u0646\u06cc \u0646\u0645\u06cc\u200c\u0634\u0648\u062f)\u060c \u067e\u0627\u0646\u0644\u200c\u0647\u0627\u06cc \u0645\u06cc\u062f\u0627\u0646 Apogee/Talon\u060c \u062f\u0633\u062a\u06af\u0627\u0647\u200c\u0647\u0627\u06cc Simatic WinCC OA\u060c Siprotec 5 \u0648 \u0631\u0627\u0647\u200c\u062d\u0644 \u0645\u062f\u06cc\u0631\u06cc\u062a \u0686\u0631\u062e\u0647 \u0639\u0645\u0631 \u0628\u0631\u0646\u0627\u0645\u0647 \u06a9\u0627\u0631\u0628\u0631\u062f\u06cc Polarion \u06cc\u0627\u0641\u062a \u0634\u062f\u0647 \u0627\u0633\u062a.\n\n\u0627\u06cc\u0646 \u0646\u0642\u0635\u200c\u0647\u0627\u06cc \u0628\u0627 \u0634\u062f\u062a \u0645\u062a\u0648\u0633\u0637 \u200b\u200b\u0631\u0627 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646 \u0628\u0631\u0627\u06cc \u062d\u0645\u0644\u0627\u062a XSS\u060c \u062d\u0645\u0644\u0627\u062a DoS \u0648 \u062a\u0632\u0631\u06cc\u0642 \u0641\u0631\u0645\u0627\u0646 \u0645\u0648\u0631\u062f \u0633\u0648\u0621 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0642\u0631\u0627\u0631 \u062f\u0627\u062f.\n\n\u0632\u06cc\u0645\u0646\u0633 \u0648\u0635\u0644\u0647 \u0647\u0627\u06cc\u06cc \u0631\u0627 \u0628\u0631\u0627\u06cc \u0628\u0631\u062e\u06cc \u0627\u0632 \u0645\u062d\u0635\u0648\u0644\u0627\u062a \u0622\u0633\u06cc\u0628 \u062f\u06cc\u062f\u0647 \u0645\u0646\u062a\u0634\u0631 \u06a9\u0631\u062f\u0647 \u0627\u0633\u062a\u060c \u0627\u0645\u0627 \u0628\u0631\u0627\u06cc \u0628\u0633\u06cc\u0627\u0631\u06cc \u0627\u0632 \u0622\u0646\u0647\u0627 \u0627\u0635\u0644\u0627\u062d\u0627\u062a\u06cc \u062f\u0631 \u0622\u06cc\u0646\u062f\u0647 \u0645\u0646\u062a\u0634\u0631 \u062e\u0648\u0627\u0647\u062f \u0634\u062f. 
\u062f\u0631 \u0627\u06cc\u0646 \u0645\u06cc\u0627\u0646\u060c \u0627\u0642\u062f\u0627\u0645\u0627\u062a \u06a9\u0627\u0647\u0634\u06cc \u0648 \u0631\u0627\u0647\u200c\u062d\u0644\u200c\u0647\u0627\u06cc\u06cc \u062f\u0631 \u062f\u0633\u062a\u0631\u0633 \u0642\u0631\u0627\u0631 \u06af\u0631\u0641\u062a\u0647 \u0627\u0633\u062a.\n\n\u0627\u0634\u0646\u0627\u06cc\u062f\u0631 \u0627\u0644\u06a9\u062a\u0631\u06cc\u06a9\n\n\u0627\u0634\u0646\u0627\u06cc\u062f\u0631 \u0627\u0644\u06a9\u062a\u0631\u06cc\u06a9 \u062a\u0646\u0647\u0627 \u0633\u0647 \u062a\u0648\u0635\u06cc\u0647 \u062c\u062f\u06cc\u062f \u0645\u0646\u062a\u0634\u0631 \u06a9\u0631\u062f\u0647 \u0627\u0633\u062a \u06a9\u0647 \u0634\u0634 \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u0631\u0627 \u067e\u0648\u0634\u0634 \u0645\u06cc \u062f\u0647\u062f.\n\n\u0628\u0631 \u0627\u0633\u0627\u0633 \u0646\u0645\u0631\u0627\u062a CVSS\u060c \u0645\u0647\u0645\u062a\u0631\u06cc\u0646 \u062a\u0648\u0635\u06cc\u0647 \u0686\u0647\u0627\u0631 \u0646\u0642\u0635 \u0645\u0647\u0645 \u0648 \u0628\u0627 \u0634\u062f\u062a \u0628\u0627\u0644\u0627 \u0631\u0627 \u067e\u0648\u0634\u0634 \u0645\u06cc \u062f\u0647\u062f \u06a9\u0647 \u0628\u0631 \u0646\u0631\u0645 \u0627\u0641\u0632\u0627\u0631 \u0646\u0638\u0627\u0631\u062a \u0622\u0646\u0644\u0627\u06cc\u0646 APC Easy UPS \u062a\u0623\u062b\u06cc\u0631 \u0645\u06cc \u06af\u0630\u0627\u0631\u062f. 
\u0628\u0647\u0631\u0647 \u0628\u0631\u062f\u0627\u0631\u06cc \u0645\u06cc \u062a\u0648\u0627\u0646\u062f \u0645\u0646\u062c\u0631 \u0628\u0647 \u0627\u062c\u0631\u0627\u06cc \u06a9\u062f \u0627\u0632 \u0631\u0627\u0647 \u062f\u0648\u0631\u060c \u0627\u0641\u0632\u0627\u06cc\u0634 \u0627\u0645\u062a\u06cc\u0627\u0632 \u06cc\u0627 \u062f\u0648\u0631 \u0632\u062f\u0646 \u0627\u062d\u0631\u0627\u0632 \u0647\u0648\u06cc\u062a \u0634\u0648\u062f.\n\n\u062a\u0648\u0635\u06cc\u0647 \u062f\u0648\u0645 \u06cc\u06a9 \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u0645\u062c\u0648\u0632 \u0646\u0627\u0645\u0646\u0627\u0633\u0628 \u0628\u0627 \u0634\u062f\u062a \u0628\u0627\u0644\u0627 \u0631\u0627 \u062a\u0648\u0635\u06cc\u0641 \u0645\u06cc \u06a9\u0646\u062f \u06a9\u0647 \u0628\u0647\u0631\u0647 \u0628\u0631\u062f\u0627\u0631\u06cc \u0627\u0632 \u0622\u0646 \u0645\u06cc \u062a\u0648\u0627\u0646\u062f \u0645\u0646\u062c\u0631 \u0628\u0647 \u062f\u0633\u062a\u0631\u0633\u06cc \u063a\u06cc\u0631\u0645\u062c\u0627\u0632 \u0648 \u0627\u0641\u0634\u0627\u06cc \u0627\u0637\u0644\u0627\u0639\u0627\u062a \u0634\u0648\u062f.\n\n\u0622\u062e\u0631\u06cc\u0646 \u062a\u0648\u0635\u06cc\u0647 \u06cc\u06a9 \u0645\u0634\u06a9\u0644 DoS \u0628\u0627 \u0634\u062f\u062a \u0645\u062a\u0648\u0633\u0637 \u200b\u200b\u0631\u0627 \u062a\u0648\u0635\u06cc\u0641 \u0645\u06cc \u06a9\u0646\u062f \u06a9\u0647 \u0628\u0631 \u0648\u0627\u062d\u062f \u067e\u0627\u06cc\u0627\u0646\u0647 \u0631\u0627\u0647 \u062f\u0648\u0631 Saitel DR (RTU) \u062a\u0623\u062b\u06cc\u0631 \u0645\u06cc \u06af\u0630\u0627\u0631\u062f.\n\n\u0627\u0634\u0646\u0627\u06cc\u062f\u0631 \u0628\u0647\u200c\u0631\u0648\u0632\u0631\u0633\u0627\u0646\u06cc\u200c\u0647\u0627\u06cc \u0646\u0631\u0645\u200c\u0627\u0641\u0632\u0627\u0631 \u0648 \u0633\u06cc\u0633\u062a\u0645\u200c\u0627\u0641\u0632\u0627\u0631\u06cc \u0631\u0627 \u0645\u0646\u062a\u0634\u0631 \u06a9\u0631\u062f\u0647 \u0627\u0633\u062a \u06a9\u0647 
\u0628\u0627\u06cc\u062f \u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc\u200c\u0647\u0627 \u0631\u0627 \u0628\u0631\u0637\u0631\u0641 \u06a9\u0646\u062f\n\n\ud83d\udc6e\u200d\u2640\ufe0f\ud83d\udc6e\u200d\u2640\ufe0f \u0628\u0627\u0632\u0646\u0634\u0631 \u0645\u0637\u0627\u0644\u0628 \u0627\u06cc\u0646 \u06a9\u0627\u0646\u0627\u0644 \u0635\u0631\u0641\u0627 \u0628\u0627 \u0630\u06a9\u0631 \u0645\u0646\u0628\u0639 \u0648 \u0622\u062f\u0631\u0633 \u06a9\u0627\u0645\u0644 \u06a9\u0627\u0646\u0627\u0644 \u0645\u062c\u0627\u0632 \u0645\u06cc\u0628\u0627\u0634\u062f.\n\n\ud83c\udfed\u0648\u0628\u0633\u0627\u06cc\u062a \u0648 \u06a9\u0627\u0646\u0627\u0644 \u062a\u062e\u0635\u0635\u06cc \u0627\u0645\u0646\u06cc\u062a \u0632\u06cc\u0631\u0633\u0627\u062e\u062a\u0647\u0627\u06cc \u0627\u062a\u0648\u0645\u0627\u0633\u06cc\u0648\u0646 \u0648 \u06a9\u0646\u062a\u0631\u0644 \u0635\u0646\u0639\u062a\u06cc\n\n\u0627\u062f\u0645\u06cc\u0646:\nhttps://t.me/pedram_kiani\n\u06a9\u0627\u0646\u0627\u0644 \u062a\u0644\u06af\u0631\u0627\u0645:\nhttps://t.me/ics_cert\n\u062a\u0648\u06cc\u06cc\u062a\u0631:\nhttps://twitter.com/icscerti", "creation_timestamp": "2022-12-15T09:26:43.000000Z"}, {"uuid": "cdd7091e-c64b-466b-b7f4-125a6a2e01ca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3602", "type": "seen", "source": "https://t.me/ctinow/73035", "content": "CVE ALERT! 
OpenSSL CVE-2022-3786 and CVE-2022-3602: X.509 Email Address Buffer Overflows\n\nhttps://ift.tt/4kYjHWb", "creation_timestamp": "2022-11-02T22:16:40.000000Z"}, {"uuid": "f987dee3-a39f-4d9d-a03f-a120d9a9934a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3602", "type": "seen", "source": "https://t.me/ctinow/72926", "content": "High-severity OpenSSL vulnerabilities fixed (CVE-2022-3602, CVE-2022-3786)\n\nhttps://ift.tt/HB871tA", "creation_timestamp": "2022-11-02T16:12:00.000000Z"}, {"uuid": "a5f40599-78d3-41ad-a1bd-dabc63dbc6ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3602", "type": "seen", "source": "https://t.me/ctinow/72712", "content": "High-severity OpenSSL vulnerabilities fixed (CVE-2022-3602, CVE-2022-3786)\n\nhttps://ift.tt/iLC580f", "creation_timestamp": "2022-11-01T20:11:17.000000Z"}, {"uuid": "8024ac07-c818-4bbb-87ba-a272478e053a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3602", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/3486", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aDetects attempts at exploitation of CVE-2022-3602, a remote code execution vulnerability in OpenSSL v 3.0.0 through v.3.0.6 \nURL\uff1ahttps://github.com/corelight/CVE-2022-3602\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-11-24T05:28:12.000000Z"}, {"uuid": "dd1b795b-7476-4c38-8551-2f1c143912e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36026", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/13074", 
"content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-36026\n\ud83d\udd25 CVSS Score: 5.9 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\ud83d\udd39 Description: TensorFlow is an open source platform for machine learning. If `QuantizeAndDequantizeV3` is given a nonscalar `num_bits` input tensor, it results in a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit f3f9cb38ecfe5a8a703f2c4a8fead434ef291713. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.\n\ud83d\udccf Published: 2022-09-16T22:05:20.000Z\n\ud83d\udccf Modified: 2025-04-23T17:01:11.089Z\n\ud83d\udd17 References:\n1. https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9cr2-8pwr-fhfq\n2. https://github.com/tensorflow/tensorflow/commit/f3f9cb38ecfe5a8a703f2c4a8fead434ef291713", "creation_timestamp": "2025-04-23T17:04:43.000000Z"}, {"uuid": "e956e56f-ad29-40bf-ba2d-353a185d2222", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3602", "type": "seen", "source": "https://t.me/TopCyberTechNews/192", "content": "Top Security News for 04/11/2022\n\nStopping C2 communications in human-operated ransomware through network protection\nhttps://www.microsoft.com/en-us/security/blog/2022/11/03/stopping-c2-communications-in-human-operated-ransomware-through-network-protection/ \n\nResearchers Discover Link In Tooling Between FIN7 And Black Basta Ransomware Group\nhttps://packetstormsecurity.com/news/view/34003/Researchers-Discover-Link-In-Tooling-Between-FIN7-And-Black-Basta-Ransomware-Group.html \n\nCombining Powershell Scripts\nhttps://0x00sec.org/t/combining-powershell-scripts/31978 
\n\nWhy Identity &amp; Access Management Governance is a Core Part of Your SaaS Security\nhttps://thehackernews.com/2022/11/why-identity-access-management.html \n\nCVE-2022-3602 &amp; CVE-2022-3786 - OSS tools to detect susceptibility to the recent OpenSSL issues\nhttps://www.reddit.com/r/netsec/comments/ykzip5/cve20223602_cve20223786_oss_tools_to_detect/ \n\nNuke Experts Are Horrified by Biden\u2019s New \u2018Nuclear Posture Review\u2019\nhttps://www.vice.com/en_us/article/n7zk9w/nuke-experts-are-horrified-by-bidens-new-nuclear-posture-review \n\nWhy Did the OpenSSL Punycode Vulnerability Happen\nhttps://www.reddit.com/r/netsec/comments/ylgnxb/why_did_the_openssl_punycode_vulnerability_happen/ \n\nReverse Branch Target Buffer Poisoning - new ASLR bypass technique using CPU vulnerabilities [PDF]\nhttps://www.reddit.com/r/netsec/comments/yls06p/reverse_branch_target_buffer_poisoning_new_aslr/ \n\nThreat Model Examples\nhttps://www.reddit.com/r/netsec/comments/yl7xx0/threat_model_examples/ \n\nCyberspace \u2018a battleground\u2019 as reports of cybercrime in Australia jump 13%\nhttps://www.theguardian.com/australia-news/2022/nov/04/cyberspace-a-battleground-as-reports-of-cybercrime-in-australia-jump-13 \n\n    \nFollow Top Cyber News at https://t.me/TopCyberTechNews\nFeel free to DM me at https://twitter.com/ShayaFeedman", "creation_timestamp": "2022-11-04T08:00:05.000000Z"}, {"uuid": "00002aba-7235-481f-b00c-3d56622cddf7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3602", "type": "seen", "source": "https://t.me/ctinow/73364", "content": "CVE-2022-3602 and CVE-2022-3786 OpenSSL Vulnerabilities: Scanning Container Images\n\nhttps://ift.tt/nDLZdmp", "creation_timestamp": "2022-11-03T23:06:27.000000Z"}, {"uuid": "73cd3826-0920-4d8b-84ff-0c09bebbece1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": 
"9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3602", "type": "seen", "source": "https://t.me/ctinow/72717", "content": "What the OpenSSL Vulnerabilities Are\u2026and Aren\u2019t (CVE-2022-3786 &amp; CVE-2022-3602)\n\nhttps://ift.tt/Ys34Elk", "creation_timestamp": "2022-11-01T20:46:42.000000Z"}, {"uuid": "685c80dd-c78e-415a-aedc-e5138f24f593", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3602", "type": "published-proof-of-concept", "source": "https://t.me/WARLOCK_DARK_ARMY_OFFICIALS/575", "content": "\u200b\u200bCVE-2022-3602 DOS poc\n\nBuffer Overflow DOS in OpenSSL 3.0 &lt; 3.0.7\n\nhttps://github.com/eatscrayon/CVE-2022-3602-poc\n\nDetails:\nhttps://securitylabs.datadoghq.com/articles/openssl-november-1-vulnerabilities/#exploitation-technical-details/\n\n#cve #poc", "creation_timestamp": "2022-11-05T18:38:58.000000Z"}, {"uuid": "3c1c7799-af6c-46af-aece-eb3423a870f4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3602", "type": "seen", "source": "https://t.me/arpsyndicate/230", "content": "#ExploitObserverAlert\n\nCVE-2022-3602\n\nDESCRIPTION: Exploit Observer has 94 entries related to CVE-2022-3602. A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address to overflow four attacker-controlled bytes on the stack. This buffer overflow could result in a crash (causing a denial of service) or potentially remote code execution. 
Many platforms implement stack overflow protections which would mitigate against the risk of remote code execution. The risk may be further mitigated based on stack layout for any given platform/compiler. Pre-announcements of CVE-2022-3602 described this issue as CRITICAL. Further analysis based on some of the mitigating factors described above have led this to be downgraded to HIGH. Users are still encouraged to upgrade to a new version as soon as possible. In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects. Fixed in OpenSSL 3.0.7 (Affected 3.0.0,3.0.1,3.0.2,3.0.3,3.0.4,3.0.5,3.0.6).\n\nFIRST-EPSS: 0.023270000\nNVD-IS: 3.6\nNVD-ES: 3.9", "creation_timestamp": "2023-11-17T07:21:46.000000Z"}, {"uuid": "d342af97-2a5d-4566-a084-90dccbcf2953", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3602", "type": "published-proof-of-concept", "source": "https://t.me/WARLOCK_DARK_ARMY_OFFICIALS/572", "content": "\u200b\u200bcve-2022-3602-and-cve-2022-3786-openssl-poc\n\nPosted our technical analyses of the two OpenSSL vulns published yesterday, along with a simple PoC repo.\n\n\u25ab\ufe0f CVE-2022-3602: https://attackerkb.com/topics/GMp2yGvZCw/cve-2022-3602/rapid7-analysis\n\u25ab\ufe0f CVE-2022-3786: https://attackerkb.com/topics/CKTqMzGksY/cve-2022-3786/rapid7-analysis\n\nhttps://github.com/rbowes-r7/cve-2022-3602-and-cve-2022-3786-openssl-poc\n\n#cve #poc", "creation_timestamp": "2022-11-28T19:10:49.000000Z"}, {"uuid": "5b519973-419c-40a3-ae19-dafeb0cb33ea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3602", "type": "seen", "source": "https://t.me/WARLOCK_DARK_ARMY_OFFICIALS/561", "content": "\u200b\u200bCVE\u22122022-3602\n\nThis 
document and repository is a write-up of CVE\u22122022-3602, a punycode buffer overflow issue in OpenSSL. It's an \"anti-POC\" (the issue does not appear to exploitable) intended for folks who maintain their own OpenSSL builds and for compiler maintainers.\n\nThere is a seperate CVE in the same release, CVE-2022-3786, which also leads to buffer overflows but an attacker can't control the content in that case. There is no reproduction for that issue here, but that issue can lead to a Denial of Service due to crash.\n\nCrashes and Buffer over\ufb02lows are never good and if you are using OpenSSL 3.0.x, it is prudent to update as soon as possible.\n\nhttps://github.com/colmmacc/CVE-2022-3602\n\n#cve #poc", "creation_timestamp": "2022-11-02T12:14:42.000000Z"}, {"uuid": "7b4a5c72-d448-4c99-8ace-05f1284677e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3602", "type": "published-proof-of-concept", "source": "https://t.me/WARLOCK_DARK_ARMY_OFFICIALS/555", "content": "\u200b\u200b2022 OpenSSL vulnerability - CVE-2022-3602\n\nOperational information about the recently announced vulnerability in OpenSSL 3\n\nhttps://github.com/NCSC-NL/OpenSSL-2022", "creation_timestamp": "2022-11-28T19:07:49.000000Z"}, {"uuid": "be203a18-febc-435d-9516-f1bd8f3134aa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3602", "type": "seen", "source": "https://t.me/WARLOCK_DARK_ARMY_OFFICIALS/567", "content": "\u200b\u200bCVE\u22122022-3602\n\nThis document and repository is a write-up of CVE\u22122022-3602, a punycode buffer overflow issue in OpenSSL. 
It's an \"anti-POC\" (the issue does not appear to exploitable) intended for folks who maintain their own OpenSSL builds and for compiler maintainers.\n\nThere is a seperate CVE in the same release, CVE-2022-3786, which also leads to buffer overflows but an attacker can't control the content in that case. There is no reproduction for that issue here, but that issue can lead to a Denial of Service due to crash.\n\nCrashes and Buffer over\ufb02lows are never good and if you are using OpenSSL 3.0.x, it is prudent to update as soon as possible.\n\nhttps://github.com/colmmacc/CVE-2022-3602", "creation_timestamp": "2022-11-02T18:08:04.000000Z"}, {"uuid": "0ad2222e-6cc1-417a-ab9d-2d4ea3c3a260", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3602", "type": "published-proof-of-concept", "source": "Telegram/pDlVR56iY6rypUkhFLaqLdVNy7SeZGDsal8kYSFgYj64xD0", "content": "", "creation_timestamp": "2022-11-12T11:35:26.000000Z"}, {"uuid": "26ae17cb-6e5e-4ee2-8b2f-f6765c072e5f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3602", "type": "published-proof-of-concept", "source": "https://t.me/breachdetector/135818", "content": "{\n  \"Source\": \"https://t.me/documentors\",\n  \"Content\": \"cve-2022-3602 &amp; cve-2022-3786PoC.zip 4.9 MB \ud83d\udca5Yet another PoC for OpenSSL vulnerabilities(CVE-2022-3602 &amp; CVE-2022-3786) \ud83d\udcc4For Questions and Purchase and place Orders Contact us: \ud83d\udece @darkamo https://t.me/documentors\", \n  \"author\": \"\u2693\ufe0f\ud835\udd07\ud835\udd2c\ud835\udd20\ud835\udd32\ud835\udd2a\ud835\udd22\ud835\udd2b\ud835\udd31\ud835\udd2c\ud835\udd2f\",\n  \"Detection Date\": \"04 Nov 2022\",\n  \"Type\": \"Data leak\"\n}\n\ud83d\udd39 Data Leak monitoring system\ud83d\udd39", "creation_timestamp": "2022-11-04T15:01:29.000000Z"}, {"uuid": 
"f6398025-90dc-46a3-9d33-afd8d6fb8792", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3602", "type": "published-proof-of-concept", "source": "Telegram/maVNwqkvKoI_-We-7HJWis1i2Lya2THRlF9uHefKmtdKenQ", "content": "", "creation_timestamp": "2022-11-10T18:45:17.000000Z"}, {"uuid": "e7e8ac2d-7269-4fbe-8c55-dc7f72bf6488", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3602", "type": "published-proof-of-concept", "source": "https://t.me/MrVGunz/578", "content": "\u062a\u06a9\u0645\u06cc\u0644\u06cc:\n\n\u062f\u0631 \u0622\u062e\u0631\u06cc\u0646 \u0628\u0647 \u0631\u0648\u0632\u0633\u0627\u0646\u06cc \u0645\u0631\u0628\u0648\u0637 \u0628\u0647 \u062c\u062f\u06cc\u062f\u062a\u0631\u06cc\u0646 \u0636\u0639\u0641 \u0627\u0645\u0646\u06cc\u062a\u06cc OpenSSL \u06a9\u0647 \u0645\u0628\u062a\u0646\u06cc \u0628\u0631 CVE-2022-3786 \u0648 CVE-2022-3602 \u0645\u06cc \u0628\u0627\u0634\u062f\u060c \u062f\u0631\u062c\u0647 \u0627\u0647\u0645\u06cc\u062a \u0622\u0646 \u0627\u0632 Critical \u0628\u0647 High \u06a9\u0627\u0647\u0634 \u067e\u06cc\u062f\u0627 \u06a9\u0631\u062f.\n\u0647\u0645\u0686\u0646\u06cc\u0646 \u062a\u0648\u0636\u06cc\u062d\u0627\u062a \u062a\u06a9\u0645\u06cc\u0644\u06cc \u0648 \u0641\u0646\u06cc \u062f\u0631 \u062e\u0635\u0648\u0635 \u0627\u06cc\u0646 \u062f\u0648 \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u06a9\u0647 \u0627\u0632 \u062c\u0646\u0633 Buffer Overflow \u0627\u0633\u062a \u0646\u06cc\u0632 \u0628\u0631\u0627\u06cc \u0639\u0644\u0627\u0642\u0647 \u0645\u0646\u062f\u0627\u0646 \u0627\u0631\u0627\u0626\u0647 \u0634\u062f.\n\u062f\u0631 \u0627\u062f\u0627\u0645\u0647 \u0628\u0647 \u0633\u0648\u0627\u0644\u0627\u062a \u0627\u062d\u062a\u0645\u0627\u0644\u06cc \u0648 \u0631\u0627\u0647\u0646\u0645\u0627\u06cc 
\u06a9\u0627\u0631\u0628\u0631\u0627\u0646 \u0628\u0631\u0627\u06cc \u06a9\u0627\u0647\u0634 \u062e\u0637\u0631 \u06cc\u0627 \u0631\u06cc\u0633\u06a9 \u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u067e\u0631\u062f\u0627\u062e\u062a\u0647 \u0634\u062f\u0647 \u0627\u0633\u062a.\n\u062c\u0632\u0626\u06cc\u0627\u062a \u06a9\u0627\u0645\u0644: https://www.openssl.org/blog/blog/2022/11/01/email-address-overflows/", "creation_timestamp": "2022-11-10T21:29:01.000000Z"}, {"uuid": "3d37170d-a3e3-43c7-9e21-2207d723a640", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3602", "type": "published-proof-of-concept", "source": "Telegram/3oM_8rtYFXdsfwsCRZIhzQSFgMmLyHaIxMIGMBtG4r8bJZk", "content": "", "creation_timestamp": "2022-12-23T05:13:05.000000Z"}, {"uuid": "19243fbd-2185-4ab1-bd81-d7c07ef90236", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3602", "type": "seen", "source": "https://t.me/true_secator/3834", "content": "\u0422\u0440\u0430\u0434\u0438\u0446\u0438\u043e\u043d\u043d\u043e \u043f\u0440\u043e\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u044b\u0435 \u0433\u0438\u0433\u0430\u043d\u0442\u044b Siemens \u0438 Schneider Electric \u0441\u043e\u0440\u0435\u0432\u043d\u0443\u044e\u0442\u0441\u044f \u0432 \u043a\u043e\u043b\u0438\u0447\u0435\u0441\u0442\u0432\u0435 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0438 \u0432 \u043e\u0447\u0435\u0440\u0435\u0434\u043d\u043e\u0439 \u0440\u0430\u0437 Siemens \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b \u0433\u043e\u0440\u0430\u0437\u0434\u043e \u0431\u043e\u043b\u044c\u0448\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u0438 \u0443\u0441\u0442\u0440\u0430\u043d\u0438\u043b 
\u043d\u0430 \u043f\u043e\u0440\u044f\u0434\u043e\u043a \u0431\u043e\u043b\u044c\u0448\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439.\n\n\u0412 \u0447\u0430\u0441\u0442\u043d\u043e\u0441\u0442\u0438, \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u044f \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043b\u0430 20 \u043d\u043e\u0432\u044b\u0445 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439, \u0443\u0441\u0442\u0440\u0430\u043d\u044f\u044e\u0449\u0438\u0445 \u043f\u0440\u0438\u043c\u0435\u0440\u043d\u043e 140 \u0434\u044b\u0440 \u0432 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438.\n\n\u0414\u043b\u044f \u043e\u0434\u043d\u0438\u0445 \u0442\u043e\u043b\u044c\u043a\u043e \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u043e\u0432 OpenSSL \u0438 OpenSSH, \u0432\u043b\u0438\u044f\u044e\u0449\u0438\u0445 \u043d\u0430 \u043a\u043e\u043c\u043c\u0443\u0442\u0430\u0442\u043e\u0440\u044b Scalance X-200RNA, \u0431\u044b\u043b\u043e \u0432\u044b\u043f\u0443\u0449\u0435\u043d\u043e \u0431\u043e\u043b\u0435\u0435 \u0447\u0435\u043c 80 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0439 \u0441 \u00ab\u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0439\u00bb \u043e\u0446\u0435\u043d\u043a\u043e\u0439 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438.\n\n\u041f\u0440\u0438\u0447\u0435\u043c \u044d\u0442\u0438 \u0436\u0435 \u043a\u043e\u043c\u043c\u0443\u0442\u0430\u0442\u043e\u0440\u044b \u043f\u043e\u0434\u0432\u0435\u0440\u0436\u0435\u043d\u044b \u0448\u0435\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044f\u043c \u0441\u0440\u0435\u0434\u043d\u0435\u0439 \u0438 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0441\u0442\u0435\u043f\u0435\u043d\u0438 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043c\u043e\u0433\u0443\u0442 \u0431\u044b\u0442\u044c 
\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u044b \u0434\u043b\u044f \u0430\u0442\u0430\u043a \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u043c\u0435\u0436\u0441\u0430\u0439\u0442\u043e\u0432\u044b\u0445 \u0441\u0446\u0435\u043d\u0430\u0440\u0438\u0435\u0432 (XSS), \u043e\u0442\u043a\u0430\u0437\u0430 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438 (DoS) \u0438 \u043f\u0435\u0440\u0435\u0445\u0432\u0430\u0442\u0430 \u0441\u0435\u0430\u043d\u0441\u0430.\n\n\u041a\u0440\u043e\u043c\u0435 \u0442\u043e\u0433\u043e, Siemens \u043f\u0440\u043e\u0438\u043d\u0444\u043e\u0440\u043c\u0438\u0440\u043e\u0432\u0430\u043b\u0430 \u043a\u043b\u0438\u0435\u043d\u0442\u043e\u0432 \u043e \u0442\u043e\u043c, \u0447\u0442\u043e \u043d\u0435\u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0438\u0437 \u0435\u0435 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 \u043f\u043e\u0434\u0432\u0435\u0440\u0436\u0435\u043d\u044b \u0434\u0432\u0443\u043c \u043d\u0435\u0434\u0430\u0432\u043d\u043e \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043d\u044b\u043c \u0438 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u044b\u043c \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u044b\u043c \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044f\u043c OpenSSL, \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u043c\u044b\u043c \u043a\u0430\u043a CVE-2022-3602 \u0438 CVE-2022-3786.\n\n\u0422\u0430\u043a\u0436\u0435 \u043e \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u044b\u0445 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430\u0445 \u0432 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u0430\u0445 Sicam PAS, Apogee/Talon, Mendix, Teamcenter Visualization, JT2Go, Scalance, Simatic, Parasolid, Ruggedcom \u0438 Simcenter STAR-CCM+ \u0443\u0432\u0435\u0434\u043e\u043c\u043b\u0435\u043d\u044b \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0438, 
\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0449\u0438\u0435 \u0438\u0445.\n\n\u0412 \u0441\u043e\u0432\u043e\u043a\u0443\u043f\u043d\u043e\u0441\u0442\u0438 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0438 \u0441\u043e\u0437\u0434\u0430\u044e\u0442 \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0435 \u0443\u0433\u0440\u043e\u0437\u044b \u0434\u043b\u044f \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u0434\u0430, \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u044f \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439, DoS-\u0430\u0442\u0430\u043a, \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u0438 \u043c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0435\u0439.\n\n\u041e\u0434\u043d\u0430\u043a\u043e Siemens \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043d\u0435 \u0434\u043b\u044f \u0432\u0441\u0435\u0445 \u0437\u0430\u0442\u0440\u043e\u043d\u0443\u0442\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 \u0438 \u0434\u043b\u044f \u043c\u043d\u043e\u0433\u0438\u0445 \u0438\u0437 \u043d\u0438\u0445 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0443\u0434\u0443\u0442 \u0432\u044b\u043f\u0443\u0449\u0435\u043d\u044b \u043f\u043e\u0437\u0436\u0435, \u0442\u0435\u043c \u043d\u0435 \u043c\u0435\u043d\u0435\u0435 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0435\u0439 \u043f\u0440\u0435\u0434\u043b\u043e\u0436\u0435\u043d\u044b \u043e\u0431\u0445\u043e\u0434\u043d\u044b\u0435 \u043f\u0443\u0442\u0438 \u0434\u043b\u044f \u0441\u043c\u044f\u0433\u0447\u0435\u043d\u0438\u044f \u0438 
\u043b\u043e\u043a\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0443\u0433\u0440\u043e\u0437.\n\n\u0412 Schneider Electric \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0438 \u0442\u043e\u043b\u044c\u043a\u043e 3 \u043d\u043e\u0432\u044b\u0445 \u0431\u044e\u043b\u043b\u0435\u0442\u0435\u043d\u044f, \u043f\u043e\u0441\u0432\u044f\u0449\u0435\u043d\u043d\u044b\u0445 6 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044f\u043c.\n\n\u0421\u0430\u043c\u0430\u044f \u0432\u0430\u0436\u043d\u0430\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u044f \u043a\u043e\u0441\u043d\u0443\u043b\u0430\u0441\u044c \u0447\u0435\u0442\u044b\u0440\u0435\u0445 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0445 \u043e\u0448\u0438\u0431\u043e\u043a, \u0432\u043b\u0438\u044f\u044e\u0449\u0438\u0445 \u043d\u0430 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u0435 \u043e\u043d\u043b\u0430\u0439\u043d-\u043c\u043e\u043d\u0438\u0442\u043e\u0440\u0438\u043d\u0433\u0430 APC Easy UPS, \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u043c\u0443 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044e \u043a\u043e\u0434\u0430, \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u044e \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 \u0438\u043b\u0438 \u043e\u0431\u0445\u043e\u0434\u0443 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438.\n\n\u0412\u0442\u043e\u0440\u043e\u0439 \u0431\u044e\u043b\u043b\u0435\u0442\u0435\u043d\u044c \u043e\u043f\u0438\u0441\u044b\u0432\u0430\u0435\u0442 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u0443\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c 
\u043d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u043e\u0439 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u043a\u043e\u0442\u043e\u0440\u043e\u0439 \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u043c\u0443 \u0434\u043e\u0441\u0442\u0443\u043f\u0443 \u0438 \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u044e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438.\n\n\u0412 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u043c \u0431\u044e\u043b\u043b\u0435\u0442\u0435\u043d\u0435 \u043e\u043f\u0438\u0441\u044b\u0432\u0430\u0435\u0442\u0441\u044f \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 DoS \u0441\u0440\u0435\u0434\u043d\u0435\u0439 \u0441\u0442\u0435\u043f\u0435\u043d\u0438 \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u044e\u0449\u0430\u044f \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u044b\u0439 \u0442\u0435\u0440\u043c\u0438\u043d\u0430\u043b (RTU) Saitel DR.\n\n\u0414\u043b\u044f \u0432\u0441\u0435\u0445 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u043e\u0432 \u0443\u0436\u0435 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0434\u043e\u043b\u0436\u043d\u044b \u0443\u0441\u0442\u0440\u0430\u043d\u0438\u0442\u044c \u044d\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438.", "creation_timestamp": "2022-12-15T18:01:05.000000Z"}, {"uuid": "f6547465-3c77-43f1-9823-062cd26c7c69", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3602", "type": "seen", "source": 
"https://t.me/CyberSecurityIL/16060", "content": "\u05d6\u05d4 \u05dc\u05d0 \u05d4-log4j \u05d4\u05d1\u05d0, \u05d0\u05d1\u05dc \u05e9\u05ea\u05d9 \u05d7\u05d5\u05dc\u05e9\u05d5\u05ea \u05d1\u05e1\u05e4\u05e8\u05d9\u05d9\u05ea \u05d4\u05e7\u05d5\u05d3 \u05d4\u05e4\u05ea\u05d5\u05d7 \u05d4\u05e4\u05d5\u05e4\u05d5\u05dc\u05e8\u05d9\u05ea OpenSSL \u05e4\u05d5\u05e8\u05e1\u05de\u05d5 \u05d4\u05d9\u05d5\u05dd, \u05de\u05d5\u05de\u05dc\u05e5 \u05dc\u05e2\u05d3\u05db\u05df.\n\n\u05d4\u05d7\u05d5\u05dc\u05e9\u05d5\u05ea CVE-2022-3602 \u05d5-\u00a0CVE-2022-3786 \u05de\u05d0\u05e4\u05e9\u05e8\u05d5\u05ea \u05dc\u05ea\u05d5\u05e7\u05e3 \u05dc\u05e0\u05e6\u05dc \u05d7\u05d5\u05dc\u05e9\u05d4 \u05d1\u05d2\u05e8\u05e1\u05d4 3.0 \u05d5\u05de\u05e2\u05dc\u05d4 \u05d5\u05dc\u05d2\u05e8\u05d5\u05dd \u05dc\u05d4\u05e8\u05e6\u05ea \u05e7\u05d5\u05d3 \u05de\u05e8\u05d7\u05d5\u05e7 \u05d0\u05d5 \u05d1\u05d9\u05e6\u05d5\u05e2 DDoS, \u05d1\u05ea\u05d7\u05d9\u05dc\u05d4 \u05d3\u05d5\u05e8\u05d2\u05d5 \u05d4\u05d7\u05d5\u05dc\u05e9\u05d5\u05ea \u05db\u05e7\u05e8\u05d9\u05d8\u05d9\u05d5\u05ea \u05d0\u05da \u05dc\u05d1\u05e1\u05d5\u05e3 \u05e8\u05de\u05ea \u05d4\u05d7\u05d5\u05de\u05e8\u05d4 \u05e9\u05d5\u05e0\u05ea\u05d4 \u05dc\u05e8\u05de\u05d4 \u05e0\u05de\u05d5\u05db\u05d4 \u05d9\u05d5\u05ea\u05e8.\n\n\u05d1\u05e9\u05dc\u05d1 \u05d6\u05d4 \u05e6\u05d5\u05d5\u05ea \u05d4\u05e4\u05e8\u05d5\u05d9\u05d9\u05e7\u05d8 \u05de\u05d5\u05e1\u05e8 \u05db\u05d9 \u05d4\u05d5\u05d0 \u05dc\u05d0 \u05de\u05db\u05d9\u05e8 \u05e0\u05d9\u05e6\u05d5\u05dc \u05e7\u05d9\u05d9\u05dd \u05dc\u05d7\u05d5\u05dc\u05e9\u05d5\u05ea \u05d0\u05dc\u05d5 \u05d0\u05da \u05de\u05e4\u05e6\u05d9\u05e8 \u05dc\u05e2\u05d3\u05db\u05df \u05dc\u05d2\u05e8\u05e1\u05d4 3.0.7 \u05d1\u05d4 \u05d4\u05d7\u05d5\u05dc\u05e9\u05d5\u05ea 
\u05e0\u05e1\u05d2\u05e8\u05d5.\n\nhttps://t.me/CyberSecurityIL/2338\n\nhttps://www.bleepingcomputer.com/news/security/openssl-fixes-two-high-severity-vulnerabilities-what-you-need-to-know/\n\n#\u05d7\u05d5\u05dc\u05e9\u05d5\u05ea", "creation_timestamp": "2022-11-01T19:15:11.000000Z"}, {"uuid": "985ed27e-28f6-4d9c-8de9-1c2a3e9fbee3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3602", "type": "seen", "source": "Telegram/BvLKt3rLrvV1MavTWtzUjCGDDZdoZfIDa5boheIt5lY5uHc", "content": "", "creation_timestamp": "2022-11-01T18:14:16.000000Z"}, {"uuid": "01212e1d-3b39-41ec-b681-498a0069f217", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3602", "type": "seen", "source": "https://t.me/true_secator/3668", "content": "\u041d\u0430 \u043f\u0440\u043e\u0448\u043b\u043e\u0439 \u043d\u0435\u0434\u0435\u043b\u0435 Cisco \u0443\u0441\u0442\u0440\u0430\u043d\u0438\u043b\u0430 \u0440\u044f\u0434 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u044b\u0445 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u043e\u0432 \u0432 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f\u0445 \u0434\u043b\u044f \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438, \u044d\u043b\u0435\u043a\u0442\u0440\u043e\u043d\u043d\u043e\u0439 \u043f\u043e\u0447\u0442\u044b \u0438 \u0432\u0435\u0431-\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438.\n\n\u0421\u0430\u043c\u0443\u044e \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u0443\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0438 \u0438 \u0438\u0441\u043f\u0440\u0430\u0432\u0438\u043b\u0438 \u0432 \u0432\u0435\u0431-\u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0435 
\u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f Cisco Identity Services Engine (ISE).\n\nISE \u2014 \u044d\u0442\u043e \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0430 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u043e\u043b\u0438\u0442\u0438\u043a\u0430\u043c\u0438 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0438\u0432\u0430\u0435\u0442 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0441\u0435\u0442\u0438 \u0434\u043b\u044f \u043a\u043e\u043d\u0435\u0447\u043d\u044b\u0445 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 \u0438 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432.\n\n\u041e\u0448\u0438\u0431\u043a\u0430 \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u0442\u0441\u044f \u043a\u0430\u043a CVE-2022-20961, \u0438\u043c\u0435\u0435\u0442 \u043e\u0446\u0435\u043d\u043a\u0443 CVSS 8,8 \u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u043c\u0443 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443, \u043d\u0435 \u043f\u0440\u043e\u0448\u0435\u0434\u0448\u0435\u043c\u0443 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0443 \u043f\u043e\u0434\u043b\u0438\u043d\u043d\u043e\u0441\u0442\u0438, \u043f\u0440\u043e\u0432\u0435\u0441\u0442\u0438 \u0430\u0442\u0430\u043a\u0443 \u0441 \u043f\u043e\u0434\u0434\u0435\u043b\u043a\u043e\u0439 \u043c\u0435\u0436\u0441\u0430\u0439\u0442\u043e\u0432\u044b\u0445 \u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432 (CSRF) \u0441 \u043f\u043e\u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u043c \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435\u043c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0445 
\u043a\u043e\u043c\u0430\u043d\u0434 \u043d\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u043c \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0435.\n\n\u041a\u0430\u043a \u043f\u0438\u0448\u0443\u0442 \u0432 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u044f\u0445, \u044d\u0442\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e\u0439 \u0437\u0430\u0449\u0438\u0442\u043e\u0439 CSRF \u0434\u043b\u044f \u0432\u0435\u0431-\u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0430 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0433\u043e \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430. \u0417\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u043c\u043e\u0436\u0435\u0442 \u0432\u043e\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c\u0441\u044f \u044d\u0442\u043e\u0439 \u0431\u0430\u0433\u043e\u0439, \u0443\u0431\u0435\u0434\u0438\u0432 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0430 \u043f\u0435\u0440\u0435\u0439\u0442\u0438 \u043f\u043e \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0439 \u0441\u0441\u044b\u043b\u043a\u0435.\n\n\u0423\u0441\u043f\u0435\u0448\u043d\u0430\u044f \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u044f \u0442\u0430\u043a\u043e\u0433\u043e \u0441\u0446\u0435\u043d\u0430\u0440\u0438\u044f \u0434\u0430\u0435\u0442 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0435 \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u044f \u043d\u0430 
\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u043c \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0435 \u0441 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u044f\u043c\u0438 \u0446\u0435\u043b\u0435\u0432\u043e\u0433\u043e \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f.\n\n\u0414\u0440\u0443\u0433\u0430\u044f \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2022-20956 (\u043e\u0446\u0435\u043d\u043a\u0430 CVSS 7,1) \u0432 \u0442\u043e\u043c \u0436\u0435 ISE \u0432\u044b\u0437\u0432\u0430\u043d\u0430 \u043d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u044b\u043c \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u0435\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u0432 \u0432\u0435\u0431-\u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0435 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f, \u0433\u0434\u0435 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u0441\u043f\u043e\u0441\u043e\u0431\u0435\u043d \u0432\u043e\u0441\u043f\u0440\u043e\u0438\u0437\u0432\u0435\u0441\u0442\u0438 \u043e\u0448\u0438\u0431\u043a\u0443, \u043e\u0442\u043f\u0440\u0430\u0432\u0438\u0432 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u044b\u0435 HTTP-\u0437\u0430\u043f\u0440\u043e\u0441\u044b \u043d\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0435 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430.\n\n\u0423\u0441\u043f\u0435\u0448\u043d\u0430\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u043f\u043e\u043b\u0443\u0447\u0430\u0442\u044c \u0441\u043f\u0438\u0441\u043e\u043a, \u0437\u0430\u0433\u0440\u0443\u0436\u0430\u0442\u044c \u0438 \u0443\u0434\u0430\u043b\u044f\u0442\u044c 
\u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u043d\u044b\u0435 \u0444\u0430\u0439\u043b\u044b, \u043a \u043a\u043e\u0442\u043e\u0440\u044b\u043c \u0443 \u043d\u0435\u0433\u043e \u043d\u0435 \u0434\u043e\u043b\u0436\u043d\u043e \u0431\u044b\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f\u0430. \u0421\u043e \u0441\u043b\u043e\u0432 Cisco PSIRT, \u0432 \u0441\u0435\u0442\u0438 \u0443\u0436\u0435 \u0438\u043c\u0435\u0435\u0442\u0441\u044f \u044d\u043a\u0441\u043f\u0435\u0440\u0438\u043c\u0435\u043d\u0442\u0430\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434\u0430 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430 \u0434\u043b\u044f \u044d\u0442\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438.\n\n\u0422\u0430\u043a\u0436\u0435 \u0418\u0422-\u0433\u0438\u0433\u0430\u043d\u0442 \u0438\u0441\u043f\u0440\u0430\u0432\u0438\u043b \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c SQL Injection CVE-2022-20867 \u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u044f \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 CVE-2022-20868 \u0432 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u0430\u0445 Cisco ESA, Cisco Secure Email \u0438 Web Manager Next Generation Management.\n\n\u041f\u043e\u043c\u0438\u043c\u043e \u043f\u0440\u043e\u0447\u0435\u0433\u043e Cisco \u043f\u0440\u0438\u0441\u0442\u0430\u043b\u044c\u043d\u043e \u0438\u0437\u0443\u0447\u0430\u0435\u0442 \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0435 \u0432\u043b\u0438\u044f\u043d\u0438\u0435 \u043f\u0440\u0435\u0441\u043b\u043e\u0432\u0443\u0442\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 OpenSSL CVE-2022-3602 \u0438 CVE-2022-3786, \u043e \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u043c\u044b \u043f\u0438\u0441\u0430\u043b\u0438 \u0440\u0430\u043d\u0435\u0435.", "creation_timestamp": "2022-11-07T13:16:19.000000Z"}, {"uuid": 
"2e257a12-395d-4ece-a0de-c7f8647eed30", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3602", "type": "seen", "source": "https://t.me/true_secator/3651", "content": "\u0428\u0438\u0440\u043e\u043a\u043e \u0430\u043d\u043e\u043d\u0441\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u0430\u044f \u0432 \u0438\u043d\u0444\u043e\u0441\u0435\u043a\u0435 \u043d\u043e\u0432\u0430\u044f \u0432\u0435\u0440\u0441\u0438\u044f OpenSSL \u0441\u043e\u0434\u0435\u0440\u0436\u0438\u0442 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u0432\u0443\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0441\u0442\u0435\u043f\u0435\u043d\u0438 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438.\n\nCVE-2022-3602 \u0438 CVE-2022-3786 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u044e\u0442 OpenSSL \u0432\u0435\u0440\u0441\u0438\u0438 3.0.0 \u0438 \u0432\u044b\u0448\u0435 \u0438 \u0431\u044b\u043b\u0438 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u044b \u0432 OpenSSL 3.0.7.\n\n\u041f\u0435\u0440\u0432\u0430\u044f CVE-2022-3602 \u043e\u043f\u0438\u0441\u044b\u0432\u0430\u0435\u0442\u0441\u044f \u043a\u0430\u043a \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u043e\u0435 4-\u0431\u0430\u0439\u0442\u043e\u0432\u043e\u0435 \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u0431\u0443\u0444\u0435\u0440\u0430 \u0441\u0442\u0435\u043a\u0430, \u043a\u043e\u0442\u043e\u0440\u043e\u0435 \u043c\u043e\u0436\u0435\u0442 \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u0441\u0431\u043e\u0438 \u0438\u043b\u0438 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a2022-3602 \u0432 \u0442\u043e \u0432\u0440\u0435\u043c\u044f \u043a\u0430\u043a \u0434\u0440\u0443\u0433\u0430\u044f  CVE-2022-3786 \u043c\u043e\u0436\u0435\u0442 
\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c\u0441\u044f \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c\u0438 \u0447\u0435\u0440\u0435\u0437 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0435 \u0430\u0434\u0440\u0435\u0441\u0430 \u044d\u043b\u0435\u043a\u0442\u0440\u043e\u043d\u043d\u043e\u0439 \u043f\u043e\u0447\u0442\u044b \u0434\u043b\u044f \u0437\u0430\u043f\u0443\u0441\u043a\u0430 \u0441\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u044f \u0438 CVE-20\u0447\u0435\u0440\u0435\u0437 \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u0431\u0443\u0444\u0435\u0440\u0430.\n\n\u041f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u043c \u043f\u0440\u043e\u0435\u043a\u0442\u0430 \u043d\u0435\u0438\u0437\u0432\u0435\u0441\u0442\u043d\u043e \u043d\u0438 \u043e \u043a\u0430\u043a\u043e\u043c \u0440\u0435\u0430\u043b\u044c\u043d\u043e\u043c \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0435, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043c\u043e\u0433 \u0431\u044b \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u043c\u0443 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044e \u043a\u043e\u0434\u0430, \u0438 \u0443 \u043d\u0438\u0445 \u043d\u0435\u0442 \u0434\u043e\u043a\u0430\u0437\u0430\u0442\u0435\u043b\u044c\u0441\u0442\u0432 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f \u044d\u0442\u0438\u0445 \u043f\u0440\u043e\u0431\u043b\u0435\u043c \u0432 \u0434\u0438\u043a\u043e\u0439 \u043f\u0440\u0438\u0440\u043e\u0434\u0435.\n\n\u0412 \u0441\u043e\u043e\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0438\u0438 \u0441 \u043f\u043e\u043b\u0438\u0442\u0438\u043a\u043e\u0439\u00a0Open SSL, \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0438 \u0438 
\u0418\u0422-\u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u044b\u00a0\u0441 25 \u043e\u043a\u0442\u044f\u0431\u0440\u044f\u00a0\u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0436\u0434\u0435\u043d\u044b\u00a0\u043e \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e\u0441\u0442\u0438 \u043f\u043e\u0438\u0441\u043a\u0430 \u0432 \u0441\u0432\u043e\u0438\u0445 \u0441\u0440\u0435\u0434\u0430\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0445 \u044d\u043a\u0437\u0435\u043c\u043f\u043b\u044f\u0440\u043e\u0432 \u0438 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0435 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0439 \u043f\u043e\u0441\u043b\u0435 \u0432\u044b\u043f\u0443\u0441\u043a\u0430 OpenSSL 3.0.7.\n\nOpenSSL \u0442\u0430\u043a\u0436\u0435 \u043f\u0440\u0435\u0434\u043e\u0441\u0442\u0430\u0432\u0438\u043b\u0430 \u043c\u0435\u0440\u044b \u043f\u043e \u0441\u043c\u044f\u0433\u0447\u0435\u043d\u0438\u044e \u043f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u0439, \u0442\u0440\u0435\u0431\u0443\u044f \u043e\u0442 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u043e\u0432, \u0440\u0430\u0431\u043e\u0442\u0430\u044e\u0449\u0438\u0445 \u0441 \u0441\u0435\u0440\u0432\u0435\u0440\u0430\u043c\u0438 TLS, \u043e\u0442\u043a\u043b\u044e\u0447\u0430\u0442\u044c \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u044e \u043a\u043b\u0438\u0435\u043d\u0442\u043e\u0432 TLS \u0434\u043e \u0442\u0435\u0445 \u043f\u043e\u0440, \u043f\u043e\u043a\u0430 \u043d\u0435 \u0431\u0443\u0434\u0443\u0442 \u043f\u0440\u0438\u043c\u0435\u043d\u0435\u043d\u044b \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f.\n\n\u0425\u043e\u0442\u044f \u0438 \u043d\u0435\u0440\u0432\u043e\u043d\u0430\u0447\u0430\u043b\u044c\u043d\u043e\u0435 \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0436\u0434\u0435\u043d\u0438\u0435 
\u0441\u043e\u0434\u0435\u0440\u0436\u0430\u043b\u043e \u043e\u0446\u0435\u043d\u043a\u0443 CVE-2022-3602 \u043a\u0430\u043a \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0439, \u0432\u043f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u0438 \u043e\u043d\u0430 \u0431\u044b\u043b\u0430 \u043f\u043e\u043d\u0438\u0436\u0435\u043d\u0430 \u0434\u043e \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438\u00a0\u0438 \u0432\u043b\u0438\u044f\u0435\u0442 \u0442\u043e\u043b\u044c\u043a\u043e \u043d\u0430 \u044d\u043a\u0437\u0435\u043c\u043f\u043b\u044f\u0440\u044b OpenSSL 3.0 \u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0438\u0445 \u0432\u0435\u0440\u0441\u0438\u0439.\n\n\u041a\u0440\u043e\u043c\u0435 \u0442\u043e\u0433\u043e, \u043d\u0435\u0441\u043c\u043e\u0442\u0440\u044f \u043d\u0430 \u0442\u043e, \u0447\u0442\u043e \u043d\u0435\u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u044d\u043a\u0441\u043f\u0435\u0440\u0442\u044b \u0443\u0436\u0435 \u043f\u0440\u0438\u0440\u0430\u0432\u043d\u044f\u043b\u0438 \u0431\u0430\u0433\u0438 \u043a \u0441\u0438\u0442\u0443\u0430\u0446\u0438\u0438, \u0430\u043d\u0430\u043b\u043e\u0433\u0438\u0447\u043d\u043e\u0439\u043e\u0441\u0442\u0438.\n\nCVE-2022-\u0438\u0437 \u0431\u043e\u043b\u0435\u0435 \u0447\u0435\u043c 1 793 000 \u0443\u043d\u0438\u043a\u0430\u043b\u044c\u043d\u044b\u0445 \u043e\u043d\u043b\u0430\u0439\u043d-\u0445\u043e\u0441\u0442\u043e\u0432, \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043d\u044b\u0445\u0435\u0440\u0436\u0438\u0442 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0442\u043e\u043b\u044c\u043a\u043e \u043d\u0430 7000 \u0440\u0430\u0431\u043e\u0442\u0430\u044e\u0442 \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0435 \u0432\u0435\u0440\u0441\u0438\u0438.\n\nShodan\u00a0\u0434\u0430\u0435\u0442 \u043e\u0446\u0435\u043d\u043a\u0438 \u0432 16 000 
\u043e\u0431\u0449\u0435\u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u0445 \u044d\u043a\u0437\u0435\u043c\u043f\u043b\u044f\u0440\u043e\u0432 OpenSSL.\n\n\u041f\u043e\u0441\u043b\u0435 \u0430\u043d\u0430\u043b\u0438\u0437\u0430 \u0440\u0430\u0437\u0432\u0435\u0440\u0442\u044b\u0432\u0430\u043d\u0438\u0439 \u0432 \u043e\u0441\u043d\u043e\u0432\u043d\u044b\u0445 \u043e\u0431\u043b\u0430\u0447\u043d\u044b\u0445 \u0441\u0440\u0435\u0434\u0430\u0445 (\u043d\u0430\u043f\u0440\u0438\u043c\u0435\u0440, AWS, GCP, Azure, OCI \u0438 Alibaba Cloud) \u0440\u0435\u0441\u0435\u0440\u0447\u0435\u0440\u044b Wiz.io \u0442\u0430\u043a\u0436\u0435 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0438 \u043b\u0438\u0448\u044c 1,5% \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0445 \u044d\u043a\u0437\u0435\u043c\u043f\u043b\u044f\u0440\u043e\u0432 OpenSSL.\n\n\u0412 \u0438\u0442\u043e\u0433\u0435: \u043c\u043d\u043e\u0433\u043e \u0448\u0443\u043c\u0430 \u0438\u0437 \u043d\u0438\u0447\u0435\u0433\u043e.", "creation_timestamp": "2022-11-02T13:35:04.000000Z"}, {"uuid": "c8fdaa1f-60db-401b-a06f-2558e0d999d1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3602", "type": "seen", "source": "https://t.me/ctinow/180300", "content": "https://ift.tt/Psc5Mzd\nCVE-2022-3602 | Oracle Essbase 21.5.3.0.0 Essbase Web Platform denial of service", "creation_timestamp": "2024-02-06T20:46:43.000000Z"}, {"uuid": "5a04ff23-fa15-4ebd-901d-f1b17b6fcbbe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3602", "type": "published-proof-of-concept", "source": "https://t.me/intelexch/38006", "content": "https://github.com/cybersecurityworks553/CVE-2022-3602-and-CVE-2022-3786", "creation_timestamp": "2022-12-07T18:25:02.000000Z"}, {"uuid": "5c58bead-c1e4-446f-95e9-1d9ba2a4b85b", "vulnerability_lookup_origin": 
"1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3602", "type": "seen", "source": "https://t.me/cibsecurity/52407", "content": "\u203c CVE-2022-3602 \u203c\n\nA buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address to overflow four attacker-controlled bytes on the stack. This buffer overflow could result in a crash (causing a denial of service) or potentially remote code execution. Many platforms implement stack overflow protections which would mitigate against the risk of remote code execution. The risk may be further mitigated based on stack layout for any given platform/compiler. Pre-announcements of CVE-2022-3602 described this issue as CRITICAL. Further analysis based on some of the mitigating factors described above have led this to be downgraded to HIGH. Users are still encouraged to upgrade to a new version as soon as possible. In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects. 
Fixed in OpenSSL 3.0.7 (Affected 3.0.0,3.0.1,3.0.2,3.0.3,3.0.4,3.0.5,3.0.6).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-01T21:19:03.000000Z"}, {"uuid": "f788b69f-f669-4883-9024-fcaa77d35acd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36021", "type": "seen", "source": "https://t.me/cibsecurity/59245", "content": "\u203c CVE-2022-36021 \u203c\n\nRedis is an in-memory database that persists on disk. Authenticated users can use string matching commands (like `SCAN` or `KEYS`) with a specially crafted pattern to trigger a denial-of-service attack on Redis, causing it to hang and consume 100% CPU time. The problem is fixed in Redis versions 6.0.18, 6.2.11, 7.0.9.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-01T18:33:46.000000Z"}, {"uuid": "b060c954-8ed6-445f-a529-f8fe72c956a5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3602", "type": "published-proof-of-concept", "source": "https://t.me/BlueRedTeam/2452", "content": "#CVE-2022\n\nDetects attempts at exploitation of CVE-2022-3602, a remote code execution vulnerability in OpenSSL v 3.0.0 through v.3.0.6 \n\nhttps://github.com/corelight/CVE-2022-3602\n\n@BlueRedTeam", "creation_timestamp": "2022-11-14T07:05:30.000000Z"}, {"uuid": "03a77a7e-84c7-4b98-917e-1ac6a4e0b752", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36020", "type": "seen", "source": "https://t.me/cibsecurity/49660", "content": "\u203c CVE-2022-36020 \u203c\n\nThe typo3/html-sanitizer package is an HTML sanitizer, written in PHP, aiming to provide XSS-safe markup based on explicitly allowed tags, attributes and values. 
Due to a parsing issue in the upstream package `masterminds/html5`, malicious markup used in a sequence with special HTML comments cannot be filtered and sanitized. This allows for a bypass of the cross-site scripting mechanism of `typo3/html-sanitizer`. This issue has been addressed in versions 1.0.7 and 2.0.16 of the `typo3/html-sanitizer` package. Users are advised to upgrade. There are no known workarounds for this issue.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-13T20:25:24.000000Z"}, {"uuid": "dac94391-28aa-4cb2-a4c9-a76e1dd16969", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3602", "type": "seen", "source": "https://t.me/BlueRedTeam/2489", "content": "#CVE-2022\nOperational information regarding CVE-2022-3602 and CVE-2022-3786, two vulnerabilities in OpenSSL 3\n\nhttps://github.com/NCSC-NL/OpenSSL-2022\n\n@BlueRedTeam", "creation_timestamp": "2022-11-25T15:19:02.000000Z"}, {"uuid": "f03126e0-43cb-41d6-8e7e-3dfb5a14fd83", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3602", "type": "published-proof-of-concept", "source": "https://t.me/BlueRedTeam/2507", "content": "#CVE-2022\nCVE-2022-39425 PoC\nhttps://github.com/bob11vrdp/CVE-2022-39425\n\nDetects attempts at exploitation of CVE-2022-3602, a remote code execution vulnerability in OpenSSL v 3.0.0 through v.3.0.6 \n\nhttps://github.com/corelight/CVE-2022-3602\n\n@BlueRedTeam", "creation_timestamp": "2022-12-06T11:13:04.000000Z"}, {"uuid": "96b1f050-2453-4d93-a027-1d8293535e22", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3602", "type": "published-proof-of-concept", "source": "https://t.me/BlueRedTeam/2423", "content": "#CVE-2022\n\nSpookySSL 
CVE-2022-3602 SSLv3 Scanner for Windows, Linux, macOS\n\nhttps://github.com/alicangnll/SpookySSL-Scanner\n\n@BlueRedTeam", "creation_timestamp": "2022-11-03T07:43:58.000000Z"}, {"uuid": "e3c5e593-cd65-4c8a-bff9-e90d76c180f4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36025", "type": "seen", "source": "https://t.me/cibsecurity/50433", "content": "\u203c CVE-2022-36025 \u203c\n\nBesu is a Java-based Ethereum client. In versions newer than 22.1.3 and prior to 22.7.1, Besu is subject to an Incorrect Conversion between Numeric Types. An error in 32 bit signed and unsigned types in the calculation of available gas in the CALL operations (including DELEGATECALL) results in incorrect gas being passed into called contracts and incorrect gas being returned after call execution. Where the amount of gas makes a difference in the success or failure, or if the gas is a negative 64 bit value, the execution will result in a different state root than expected, resulting in a consensus failure in networks with multiple EVM implementations. In networks with a single EVM implementation this can be used to execute with significantly more gas than then transaction requested, possibly exceeding gas limitations. This issue is patched in version 22.7.1. 
As a workaround, reverting to version 22.1.3 or earlier will prevent incorrect execution.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-26T11:46:39.000000Z"}, {"uuid": "22f13e56-dfa3-4962-b6d8-5fa14bd24d61", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36023", "type": "seen", "source": "https://t.me/cibsecurity/48362", "content": "\u203c CVE-2022-36023 \u203c\n\nHyperledger Fabric is an enterprise-grade permissioned distributed ledger framework for developing solutions and applications. If a gateway client application sends a malformed request to a gateway peer it may crash the peer node. Version 2.4.6 checks for the malformed gateway request and returns an error to the gateway client. There are no known workarounds, users must upgrade to version 2.4.6.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-18T20:29:06.000000Z"}, {"uuid": "6faeb225-595c-4300-80d1-42f9a44f0ec4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36024", "type": "seen", "source": "https://t.me/cibsecurity/48358", "content": "\u203c CVE-2022-36024 \u203c\n\nA fork of discord.py py-cord is a modern, easy to use, feature-rich, and async ready API wrapper for Discord written in Python. This issue allows users to be able to remotely shutdown the a bot running on py-cord, via adding it to a discord server with the `application.commands` scope but not the `bot` scope - then executing a command in that server. Currently, it appears that all public bots that use slash commands are affected. This issue has been patched in version 2.0.1. 
There are currently no recommended workarounds - please upgrade to a patched version.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-18T18:24:48.000000Z"}, {"uuid": "21e94e35-4ceb-41e2-893d-f69d3f21ac2c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3602", "type": "seen", "source": "https://t.me/thehackernews/2723", "content": "Nothing CRITICAL this time!\n\nOpenSSL has released patches for 2 new high-severity flaws (CVE-2022-3786 / CVE-2022-3602).\n\nhttps://thehackernews.com/2022/11/just-in-openssl-releases-patch-for-2.html\n\nCVE-2022-3602 has been downgraded from CRITICAL to HIGH as it cannot be exploited in most widely used architectures and platforms.", "creation_timestamp": "2022-11-01T17:28:35.000000Z"}, {"uuid": "b533b80e-b141-424b-a277-fb54892bc6c6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3602", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/328", "content": "https://github.com/rbowes-r7/cve-2022-3602-and-cve-2022-3786-openssl-poc  \n#github", "creation_timestamp": "2022-11-14T08:56:42.000000Z"}, {"uuid": "d07e5e15-2cff-4970-8687-e7bb2032add7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3602", "type": "seen", "source": "https://t.me/thebugbountyhunter/6632", "content": "The OpenSSL punycode vulnerability (CVE-2022-3602): Overview, detection, exploitation, and remediation\n\nhttps://securitylabs.datadoghq.com/articles/openssl-november-1-vulnerabilities/", "creation_timestamp": "2022-11-01T23:51:57.000000Z"}, {"uuid": "55a58255-5d60-43b7-a739-772a2d6cce45", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": 
"9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3602", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/7096", "content": "#Threat_Research\nThe OpenSSL punycode vulnerability (CVE-2022-3602): Overview, detection, exploitation, and remediation\nhttps://securitylabs.datadoghq.com/articles/openssl-november-1-vulnerabilities/#exploitation-technical-details\n]-> https://github.com/eatscrayon/CVE-2022-3602-poc", "creation_timestamp": "2022-11-03T11:05:13.000000Z"}, {"uuid": "11fd5b5c-8609-4c98-ae44-ac813a3a183c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3602", "type": "published-proof-of-concept", "source": "https://t.me/club31337/1258", "content": "https://github.com/colmmacc/CVE-2022-3602", "creation_timestamp": "2024-11-09T21:05:50.000000Z"}]}