@jonrau1
Created November 5, 2024 19:32
Python CLI utility to search the CISA KEV by CWE or CVE and, if a match is found, write a JSON file of KEV & Mitre CVEAWG data normalized into the Open Cybersecurity Schema Framework (OCSF) OSINT Inventory Information event class.
import logging
import datetime
import requests
from time import sleep
import json
from re import search
import argparse
logger = logging.getLogger()
logging.basicConfig(level=logging.INFO)
TIME_NOW = datetime.datetime.now(datetime.UTC)
FIFTEEN_MINUTES_AGO = TIME_NOW - datetime.timedelta(minutes=15)
FIFTEEN_MINUTES_AGO = FIFTEEN_MINUTES_AGO.strftime("%Y-%m-%d %H:%M:%S.%f")
CVE_DETAIL_URL_ROOT = "https://cveawg.mitre.org/api/cve/"
SEMVER_PATCH_PATTERN = r"\b\d+\.\d+\.\d+\b"
SEMVER_MINOR_PATTERN = r"\b\d+\.\d+\b"
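# Upper bound, in seconds, on any single HTTP request so a stalled endpoint cannot hang the run.
_HTTP_TIMEOUT_SECONDS = 30
# Extra attempts made against the CVE API after an HTTP 429 (throttled) response.
_MAX_THROTTLE_RETRIES = 3
_KEV_FEED_URL = "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json"


def _loadKevCatalog() -> list[dict]:
    """Download the CISA KEV feed and return its ``vulnerabilities`` list."""
    response = requests.get(_KEV_FEED_URL, timeout=_HTTP_TIMEOUT_SECONDS)
    # Fail loudly on an error page rather than handing non-feed content to the JSON parser.
    response.raise_for_status()
    return json.loads(response.text)["vulnerabilities"]


def _enrichKevEntries(kevSegment: list[dict]) -> list[dict]:
    """Fetch the CVE record for each KEV entry and attach the KEV title and description.

    Entries whose CVE record cannot be fetched with HTTP 200 (after the
    throttle retries) are logged and left out of the result.
    """
    enriched: list[dict] = []
    for kev in kevSegment:
        # The CVE ID comes from the downloaded feed, not from the caller.
        cveId = kev["cveID"]
        recordUrl = f"{CVE_DETAIL_URL_ROOT}{cveId}"
        r = requests.get(recordUrl, timeout=_HTTP_TIMEOUT_SECONDS)
        attempts = 0
        while r.status_code == 429 and attempts < _MAX_THROTTLE_RETRIES:
            logger.warning("Throttled. Sleeping for 3 seconds...")
            sleep(3)
            attempts += 1
            r = requests.get(recordUrl, timeout=_HTTP_TIMEOUT_SECONDS)
        # Only a 200 body is parsed; a retry that is still throttled must not be
        # appended as if it were a CVE record.
        if r.status_code != 200:
            logger.error("FAIL FOR %s! %s %s", cveId, r.status_code, r.reason)
            continue
        cveEnrichmentData = json.loads(r.text)
        cveEnrichmentData["kevVulnerabilityName"] = kev["vulnerabilityName"]
        cveEnrichmentData["kevShortDescription"] = kev["shortDescription"]
        enriched.append(cveEnrichmentData)
        logger.info("Got %s", cveId)
    return enriched


def searchCisaKevForCweId(targetVulnId: str) -> list[dict[str | int | bool | None]]:
    """Search the CISA KEV for entries tagged with a CWE ID and enrich each match.

    Args:
        targetVulnId: CWE identifier compared against each entry's ``cwes`` list.

    Returns:
        One CVE record (fetched from ``CVE_DETAIL_URL_ROOT``) per matching KEV
        entry, each extended with ``kevVulnerabilityName`` and
        ``kevShortDescription``. Empty when nothing matches.
    """
    kevSegment = [
        cve for cve in _loadKevCatalog()
        # Tolerate entries without a "cwes" list instead of raising KeyError.
        if targetVulnId in (cve.get("cwes") or [])
    ]
    if not kevSegment:
        logger.warning("%s not found in CISA KEV.", targetVulnId)
        # An empty list keeps the declared return type; callers iterate the result.
        return []
    logger.info("%s was found in CISA KEV.", targetVulnId)
    return _enrichKevEntries(kevSegment)


def searchCisaKevForCveId(targetVulnId: str) -> list[dict[str | int | bool | None]]:
    """Search the CISA KEV for a CVE ID and enrich the match with its CVE record.

    Args:
        targetVulnId: CVE identifier compared for equality with each entry's ``cveID``.

    Returns:
        One CVE record (fetched from ``CVE_DETAIL_URL_ROOT``) per matching KEV
        entry, each extended with ``kevVulnerabilityName`` and
        ``kevShortDescription``. Empty when nothing matches.
    """
    kevSegment = [
        cve for cve in _loadKevCatalog()
        if cve["cveID"] == targetVulnId
    ]
    if not kevSegment:
        logger.warning("%s not found in CISA KEV.", targetVulnId)
        # An empty list keeps the declared return type; callers iterate the result.
        return []
    logger.info("%s was found in CISA KEV.", targetVulnId)
    return _enrichKevEntries(kevSegment)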
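def extractSemver(cpeName: str) -> str | None:
    """Return the first ``major.minor.patch`` or ``major.minor`` version in a CPE name.

    A leading ``cpe:2.3:`` marker is skipped before matching: its ``2.3`` is the
    CPE format version, and it would otherwise be returned as the product
    version whenever the name carries no three-part version.

    Args:
        cpeName: CPE name to scan.

    Returns:
        The matched version text, preferring a three-part match over a
        two-part one, or ``None`` when neither pattern matches.
    """
    cpePrefix = "cpe:2.3:"
    if cpeName.lower().startswith(cpePrefix):
        candidate = cpeName[len(cpePrefix):]
    else:
        candidate = cpeName
    # Patterns are tried in order of specificity.
    for pattern in (SEMVER_PATCH_PATTERN, SEMVER_MINOR_PATTERN):
        versionMatch = search(pattern, candidate)
        if versionMatch:
            return versionMatch.group(0)
    return None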
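def _ocsfTimeText(value) -> str:
    """Render an ISO-8601 timestamp as ``YYYY-MM-DD HH:MM:SS[.fff]`` text."""
    return str(value).replace("T", " ").replace("Z", "")


def _affectedPackagesFor(affected: list, vendorName: str) -> list[dict]:
    """Build OCSF affected-package objects from a CNA ``affected`` list.

    CPE names are used when a product lists any; otherwise the product's
    ``versions`` entries are used.
    """
    packages: list[dict] = []
    for pkg in affected:
        packageName = pkg.get("product")
        cpes = pkg.get("cpes")
        if cpes:
            for cpe in cpes:
                packages.append(
                    {
                        "name": packageName,
                        "cpe_name": cpe,
                        "version": extractSemver(cpe),
                        "vendor_name": vendorName
                    }
                )
            continue
        # A missing or empty "cpes" list falls back to "versions"; a product
        # with neither contributes nothing rather than raising KeyError.
        for ver in pkg.get("versions") or []:
            pkgVer = ver.get("version") if isinstance(ver, dict) else ver
            packages.append(
                {
                    "name": packageName,
                    "version": pkgVer,
                    "vendor_name": vendorName
                }
            )
    return packages


def _cvss31EntriesFor(metrics: list, cveUrl: str, vendorName: str) -> list[dict]:
    """Build OCSF CVSS objects from the CVSS v3.1 items of a CNA ``metrics`` list."""
    # (OCSF metric name, CVSS v3.1 field) pairs, in output order.
    metricFields = (
        ("Attack Vector", "attackVector"),
        ("Attack Complexity", "attackComplexity"),
        ("Privileges Required", "privilegesRequired"),
        ("User Interaction", "userInteraction"),
        ("Scope", "scope"),
        ("Confidentiality", "confidentialityImpact"),
        ("Integrity", "integrityImpact"),
        ("Availability", "availabilityImpact"),
    )
    entries: list[dict] = []
    for metric in metrics:
        # Select on the presence of the v3.1 object itself, so an item without
        # a "format" key no longer discards every score for the CVE.
        cvssV31 = metric.get("cvssV3_1") if isinstance(metric, dict) else None
        if not cvssV31:
            continue
        try:
            entries.append(
                {
                    "base_score": cvssV31["baseScore"],
                    "severity": str(cvssV31["baseSeverity"]).capitalize(),
                    "src_url": cveUrl,
                    "vector_string": cvssV31["vectorString"],
                    "vendor_name": vendorName,
                    "version": "3.1",
                    "metrics": [
                        {"name": label, "value": str(cvssV31[field]).capitalize()}
                        for label, field in metricFields
                    ]
                }
            )
        except KeyError as missing:
            # Skip only the incomplete item and say so, instead of silently
            # dropping all CVSS data.
            logger.warning("Skipping incomplete CVSS 3.1 metric (%s): missing %s", cveUrl, missing)
    return entries


def kevToOcsf(targetType: str, targetVulnId: str):
    """Convert CISA KEV matches plus their CVE records into OCSF OSINT Inventory Info events.

    Looks up ``targetVulnId`` in the KEV (by CVE ID when ``targetType`` is
    ``"CVE"``, otherwise by CWE ID), maps each enriched record to one event,
    and writes the list to ``./ocsf_cisa_kev_<id>.json``. Nothing is written
    when the lookup yields no records.

    Args:
        targetType: ``"CVE"`` to search by CVE ID; any other value searches by CWE ID.
        targetVulnId: The CVE or CWE identifier to look up.
    """
    if targetType == "CVE":
        x = searchCisaKevForCveId(targetVulnId)
    else:
        x = searchCisaKevForCweId(targetVulnId)
    # The lookup may return None or an empty list when nothing matched.
    if not x:
        logger.warning("No KEV data for %s; no OCSF file written.", targetVulnId)
        return

    kevOcsf: list[dict[str | int | bool | dict | None]] = []
    for data in x:
        observables: list[dict[str, int]] = []
        cveMetadata = data.get("cveMetadata")
        cna = data["containers"]["cna"]
        cveId = cveMetadata["cveId"]
        cveUrl = f"https://nvd.nist.gov/vuln/detail/{cveId}"
        vendorName = str(cveMetadata["assignerShortName"]).capitalize()

        # The first problem type carries the CWE; the list may be absent or empty.
        try:
            problemType = cna["problemTypes"][0]["descriptions"][0]
        except (KeyError, IndexError):
            problemType = {}
        cweId = str(problemType["cweId"]) if "cweId" in problemType else None
        cweCaption = str(problemType["description"]) if "description" in problemType else None

        cweUrl = None
        if cweId is not None:
            # Link only when a numeric CWE is present; labels without a number
            # have no definitions page.
            cweNumber = search(r"CWE-(\d+)", cweId)
            if cweNumber:
                cweUrl = f"https://cwe.mitre.org/data/definitions/{cweNumber.group(1)}.html"
            observables.append(
                {
                    "name": "osint.vulnerabilities.cwe.uid",
                    "type_id": 17,
                    "value": cweId
                }
            )
        observables.append(
            {
                "name": "osint.vulnerabilities.cve.uid",
                "type_id": 18,
                "value": cveId
            }
        )

        cveDescription = cna["descriptions"][0]["value"]
        cveRefs = cna["references"][0]["url"]
        # NOTE(review): these are formatted strings; OCSF timestamp attributes are
        # normally epoch milliseconds - confirm the consumer accepts text.
        datePublished = _ocsfTimeText(cveMetadata["datePublished"])
        dateUpdated = _ocsfTimeText(cveMetadata["dateUpdated"])
        dateReserved = _ocsfTimeText(cveMetadata["dateReserved"])

        affectedPackages = _affectedPackagesFor(cna.get("affected") or [], vendorName)
        cvssScore = _cvss31EntriesFor(cna.get("metrics") or [], cveUrl, vendorName)

        ocsf = {
            "activity_id": 2, # Collect
            "category_uid": 5, # Discovery
            "class_uid": 5021, # OSINT Inventory Info
            "severity_id": 1, # Informational
            "status_id": 1, # Success
            "type_uid": 502102, # OSINT Inventory Info: Collect,
            "start_time": dateReserved,
            # Event time is the module-load time minus 15 minutes, trimmed to milliseconds.
            "time": FIFTEEN_MINUTES_AGO[:-3],
            "message": data["kevVulnerabilityName"],
            "metadata": {
                "uid": cveId,
                "correlation_uid": cveMetadata["assignerOrgId"],
                "logged_time": datePublished,
                "original_time": dateReserved,
                "processed_time": FIFTEEN_MINUTES_AGO[:-3],
                "version": "1.4.0",
                "product": {
                    "lang": "en",
                    "name": "Known Exploited Vulnerabilities Catalog",
                    "url_string": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
                    "vendor_name": "Cybersecurity & Infrastructure Security Agency",
                    "version": data.get("dataVersion")
                }
            },
            "observables": observables,
            "osint": [
                {
                    "comment": data["kevShortDescription"],
                    "confidence_id": 3, # High
                    "value": cveId,
                    "type_id": 10, # Vulnerability
                    "name": data.get("dataType"),
                    "src_url": f"https://cveawg.mitre.org/api/cve/{cveId}",
                    "vendor_name": vendorName,
                    "uid": cveMetadata["assignerOrgId"],
                    "vulnerabilities": [
                        {
                            "desc": cveDescription,
                            "first_seen_time": datePublished,
                            "last_seen_time": dateUpdated,
                            "vendor_name": vendorName,
                            "title": cveId,
                            "is_exploit_available": True,
                            "exploit_last_seen_time": dateUpdated,
                            "references": [cveRefs,cveUrl],
                            "cve": {
                                "uid": cveId,
                                "created_time": dateReserved,
                                "modified_time": dateUpdated,
                                "references": [cveRefs,cveUrl],
                                "cvss": cvssScore
                            },
                            "cwe": {
                                "uid": cweId,
                                "caption": cweCaption,
                                "src_url": cweUrl
                            },
                            "affected_packages": affectedPackages
                        }
                    ]
                }
            ]
        }
        kevOcsf.append(ocsf)

    # The ID comes from the command line: keep only filename-safe characters so
    # it cannot introduce path separators into the output path.
    safeId = "".join(ch if ch.isalnum() or ch in "-_." else "_" for ch in targetVulnId)
    with open(f"./ocsf_cisa_kev_{safeId}.json", "w", encoding="utf-8") as ocsfkevwriter:
        json.dump(
            kevOcsf,
            ocsfkevwriter,
            indent=4,
            default=str
        )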
if __name__ == "__main__":
    # Command-line entry point: both options are required.
    cli = argparse.ArgumentParser(description="CISA KEV to OCSF OSINT Inventory Info")
    cli.add_argument(
        "-t",
        "--target_type",
        required=True,
        choices=["CVE", "CWE"],
        help="Specify the target type. Supported values are CVE and CWE.",
    )
    cli.add_argument(
        "-v",
        "--target_vuln_id",
        required=True,
        help="Specify the target vulnerability ID (CVE ID or CWE ID).",
    )
    opts = cli.parse_args()
    # Look up the ID in the KEV and write the OCSF JSON file.
    kevToOcsf(opts.target_type, opts.target_vuln_id)
#
[
{
"activity_id": 2,
"category_uid": 5,
"class_uid": 5021,
"severity_id": 1,
"status_id": 1,
"type_uid": 502102,
"start_time": "2024-09-17 19:08:48.129",
"time": "2024-11-05 19:13:34.675",
"message": "PTZOptics PT30X-SDI/NDI Cameras OS Command Injection Vulnerability",
"metadata": {
"uid": "CVE-2024-8957",
"correlation_uid": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"logged_time": "2024-09-17 20:08:25.588",
"original_time": "2024-09-17 19:08:48.129",
"processed_time": "2024-11-05 19:13:34.675",
"version": "1.4.0",
"product": {
"lang": "en",
"name": "Known Exploited Vulnerabilities Catalog",
"url_string": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"vendor_name": "Cybersecurity & Infrastructure Security Agency",
"version": "5.1"
}
},
"observables": [
{
"name": "osint.vulnerabilities.cwe.uid",
"type_id": 17,
"value": "CWE-78"
},
{
"name": "osint.vulnerabilities.cve.uid",
"type_id": 18,
"value": "CVE-2024-8957"
}
],
"osint": [
{
"comment": "PTZOptics PT30X-SDI/NDI cameras contain an OS command injection vulnerability that allows a remote, authenticated attacker to escalate privileges to root via a crafted payload with the ntp_addr parameter of the /cgi-bin/param.cgi CGI script. ",
"confidence_id": 3,
"value": "CVE-2024-8957",
"type_id": 10,
"name": "CVE_RECORD",
"src_url": "https://cveawg.mitre.org/api/cve/CVE-2024-8957",
"vendor_name": "Vulncheck",
"uid": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"vulnerabilities": [
{
"desc": "PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an OS command injection issue. The camera does not sufficiently validate the ntp_addr configuration value which may lead to arbitrary command execution when ntp_client is started. When chained with CVE-2024-8956, a remote and unauthenticated attacker can execute arbitrary OS commands on affected devices.",
"first_seen_time": "2024-09-17 20:08:25.588",
"last_seen_time": "2024-11-04 17:20:22.792",
"vendor_name": "Vulncheck",
"title": "CVE-2024-8957",
"is_exploit_available": true,
"exploit_last_seen_time": "2024-11-04 17:20:22.792",
"references": [
"https://ptzoptics.com/firmware-changelog/",
"https://nvd.nist.gov/vuln/detail/CVE-2024-8957"
],
"cve": {
"uid": "CVE-2024-8957",
"created_time": "2024-09-17 19:08:48.129",
"modified_time": "2024-11-04 17:20:22.792",
"references": [
"https://ptzoptics.com/firmware-changelog/",
"https://nvd.nist.gov/vuln/detail/CVE-2024-8957"
],
"cvss": [
{
"base_score": 7.2,
"severity": "High",
"src_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8957",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"vendor_name": "Vulncheck",
"version": "3.1",
"metrics": [
{
"name": "Attack Vector",
"value": "Network"
},
{
"name": "Attack Complexity",
"value": "Network"
},
{
"name": "Privileges Required",
"value": "High"
},
{
"name": "User Interaction",
"value": "None"
},
{
"name": "Scope",
"value": "Unchanged"
},
{
"name": "Confidentiality",
"value": "High"
},
{
"name": "Integrity",
"value": "High"
},
{
"name": "Availability",
"value": "High"
}
]
}
]
},
"cwe": {
"uid": "CWE-78",
"caption": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')",
"src_url": "https://cwe.mitre.org/data/definitions/78.html"
},
"affected_packages": [
{
"name": "PT30X-SDI",
"version": "0",
"vendor_name": "Vulncheck"
},
{
"name": "PT30X-NDI",
"version": "0",
"vendor_name": "Vulncheck"
}
]
}
]
}
]
},
{
"activity_id": 2,
"category_uid": 5,
"class_uid": 5021,
"severity_id": 1,
"status_id": 1,
"type_uid": 502102,
"start_time": "2020-06-30 00:00:00",
"time": "2024-11-05 19:13:34.675",
"message": "DrayTek Multiple Vigor Routers OS Command Injection Vulnerability",
"metadata": {
"uid": "CVE-2020-15415",
"correlation_uid": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"logged_time": "2020-06-30 13:37:56",
"original_time": "2020-06-30 00:00:00",
"processed_time": "2024-11-05 19:13:34.675",
"version": "1.4.0",
"product": {
"lang": "en",
"name": "Known Exploited Vulnerabilities Catalog",
"url_string": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"vendor_name": "Cybersecurity & Infrastructure Security Agency",
"version": "5.1"
}
},
"observables": [
{
"name": "osint.vulnerabilities.cve.uid",
"type_id": 18,
"value": "CVE-2020-15415"
}
],
"osint": [
{
"comment": "DrayTek Vigor3900, Vigor2960, and Vigor300B devices contain an OS command injection vulnerability in cgi-bin/mainfunction.cgi/cvmcfgupload that allows for remote code execution via shell metacharacters in a filename when the text/x-python-script content type is used.",
"confidence_id": 3,
"value": "CVE-2020-15415",
"type_id": 10,
"name": "CVE_RECORD",
"src_url": "https://cveawg.mitre.org/api/cve/CVE-2020-15415",
"vendor_name": "Mitre",
"uid": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"vulnerabilities": [
{
"desc": "On DrayTek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1, cgi-bin/mainfunction.cgi/cvmcfgupload allows remote command execution via shell metacharacters in a filename when the text/x-python-script content type is used, a different issue than CVE-2020-14472.",
"first_seen_time": "2020-06-30 13:37:56",
"last_seen_time": "2024-10-04 13:28:53.824",
"vendor_name": "Mitre",
"title": "CVE-2020-15415",
"is_exploit_available": true,
"exploit_last_seen_time": "2024-10-04 13:28:53.824",
"references": [
"https://www.draytek.com/about/security-advisory",
"https://nvd.nist.gov/vuln/detail/CVE-2020-15415"
],
"cve": {
"uid": "CVE-2020-15415",
"created_time": "2020-06-30 00:00:00",
"modified_time": "2024-10-04 13:28:53.824",
"references": [
"https://www.draytek.com/about/security-advisory",
"https://nvd.nist.gov/vuln/detail/CVE-2020-15415"
],
"cvss": []
},
"cwe": {
"uid": null,
"caption": "n/a",
"src_url": null
},
"affected_packages": [
{
"name": "n/a",
"version": "n/a",
"vendor_name": "Mitre"
}
]
}
]
}
]
},
{
"activity_id": 2,
"category_uid": 5,
"class_uid": 5021,
"severity_id": 1,
"status_id": 1,
"type_uid": 502102,
"start_time": "2023-02-06 00:00:00",
"time": "2024-11-05 19:13:34.675",
"message": "D-Link DIR-820 Router OS Command Injection Vulnerability",
"metadata": {
"uid": "CVE-2023-25280",
"correlation_uid": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"logged_time": "2023-03-16 00:00:00",
"original_time": "2023-02-06 00:00:00",
"processed_time": "2024-11-05 19:13:34.675",
"version": "1.4.0",
"product": {
"lang": "en",
"name": "Known Exploited Vulnerabilities Catalog",
"url_string": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"vendor_name": "Cybersecurity & Infrastructure Security Agency",
"version": "5.1"
}
},
"observables": [
{
"name": "osint.vulnerabilities.cve.uid",
"type_id": 18,
"value": "CVE-2023-25280"
}
],
"osint": [
{
"comment": "D-Link DIR-820 routers contain an OS command injection vulnerability that allows a remote, unauthenticated attacker to escalate privileges to root via a crafted payload with the ping_addr parameter to ping.ccp.",
"confidence_id": 3,
"value": "CVE-2023-25280",
"type_id": 10,
"name": "CVE_RECORD",
"src_url": "https://cveawg.mitre.org/api/cve/CVE-2023-25280",
"vendor_name": "Mitre",
"uid": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"vulnerabilities": [
{
"desc": "OS Command injection vulnerability in D-Link DIR820LA1_FW105B03 allows attackers to escalate privileges to root via a crafted payload with the ping_addr parameter to ping.ccp.",
"first_seen_time": "2023-03-16 00:00:00",
"last_seen_time": "2024-10-04 13:24:52.639",
"vendor_name": "Mitre",
"title": "CVE-2023-25280",
"is_exploit_available": true,
"exploit_last_seen_time": "2024-10-04 13:24:52.639",
"references": [
"https://www.dlink.com/en/security-bulletin/",
"https://nvd.nist.gov/vuln/detail/CVE-2023-25280"
],
"cve": {
"uid": "CVE-2023-25280",
"created_time": "2023-02-06 00:00:00",
"modified_time": "2024-10-04 13:24:52.639",
"references": [
"https://www.dlink.com/en/security-bulletin/",
"https://nvd.nist.gov/vuln/detail/CVE-2023-25280"
],
"cvss": []
},
"cwe": {
"uid": null,
"caption": "n/a",
"src_url": null
},
"affected_packages": [
{
"name": "n/a",
"version": "n/a",
"vendor_name": "Mitre"
}
]
}
]
}
]
},
{
"activity_id": 2,
"category_uid": 5,
"class_uid": 5021,
"severity_id": 1,
"status_id": 1,
"type_uid": 502102,
"start_time": "2024-08-26 19:12:19.826",
"time": "2024-11-05 19:13:34.675",
"message": "Ivanti Cloud Services Appliance OS Command Injection Vulnerability",
"metadata": {
"uid": "CVE-2024-8190",
"correlation_uid": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
"logged_time": "2024-09-10 20:33:44.793",
"original_time": "2024-08-26 19:12:19.826",
"processed_time": "2024-11-05 19:13:34.675",
"version": "1.4.0",
"product": {
"lang": "en",
"name": "Known Exploited Vulnerabilities Catalog",
"url_string": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"vendor_name": "Cybersecurity & Infrastructure Security Agency",
"version": "5.1"
}
},
"observables": [
{
"name": "osint.vulnerabilities.cwe.uid",
"type_id": 17,
"value": "CWE-78"
},
{
"name": "osint.vulnerabilities.cve.uid",
"type_id": 18,
"value": "CVE-2024-8190"
}
],
"osint": [
{
"comment": "Ivanti Cloud Services Appliance (CSA) contains an OS command injection vulnerability in the administrative console which can allow an authenticated attacker with application admin privileges to pass commands to the underlying OS.",
"confidence_id": 3,
"value": "CVE-2024-8190",
"type_id": 10,
"name": "CVE_RECORD",
"src_url": "https://cveawg.mitre.org/api/cve/CVE-2024-8190",
"vendor_name": "Ivanti",
"uid": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
"vulnerabilities": [
{
"desc": "An OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.6 Patch 518 and before allows a remote authenticated attacker to obtain remote code execution. The attacker must have admin level privileges to exploit this vulnerability.",
"first_seen_time": "2024-09-10 20:33:44.793",
"last_seen_time": "2024-09-16 13:24:41.628",
"vendor_name": "Ivanti",
"title": "CVE-2024-8190",
"is_exploit_available": true,
"exploit_last_seen_time": "2024-09-16 13:24:41.628",
"references": [
"https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Cloud-Service-Appliance-CSA-CVE-2024-8190",
"https://nvd.nist.gov/vuln/detail/CVE-2024-8190"
],
"cve": {
"uid": "CVE-2024-8190",
"created_time": "2024-08-26 19:12:19.826",
"modified_time": "2024-09-16 13:24:41.628",
"references": [
"https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Cloud-Service-Appliance-CSA-CVE-2024-8190",
"https://nvd.nist.gov/vuln/detail/CVE-2024-8190"
],
"cvss": [
{
"base_score": 7.2,
"severity": "High",
"src_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8190",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"vendor_name": "Ivanti",
"version": "3.1",
"metrics": [
{
"name": "Attack Vector",
"value": "Network"
},
{
"name": "Attack Complexity",
"value": "Network"
},
{
"name": "Privileges Required",
"value": "High"
},
{
"name": "User Interaction",
"value": "None"
},
{
"name": "Scope",
"value": "Unchanged"
},
{
"name": "Confidentiality",
"value": "High"
},
{
"name": "Integrity",
"value": "High"
},
{
"name": "Availability",
"value": "High"
}
]
}
]
},
"cwe": {
"uid": "CWE-78",
"caption": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')",
"src_url": "https://cwe.mitre.org/data/definitions/78.html"
},
"affected_packages": [
{
"name": "CSA (Cloud Services Appliance)",
"version": "4.6 Patch 519",
"vendor_name": "Ivanti"
},
{
"name": "CSA (Cloud Services Appliance)",
"version": "5.0",
"vendor_name": "Ivanti"
}
]
}
]
}
]
},
{
"activity_id": 2,
"category_uid": 5,
"class_uid": 5021,
"severity_id": 1,
"status_id": 1,
"type_uid": 502102,
"start_time": "2023-11-08 15:08:07.660",
"time": "2024-11-05 19:13:34.675",
"message": "Cisco NX-OS Command Injection Vulnerability",
"metadata": {
"uid": "CVE-2024-20399",
"correlation_uid": "d1c1063e-7a18-46af-9102-31f8928bc633",
"logged_time": "2024-07-01 16:11:44.028",
"original_time": "2023-11-08 15:08:07.660",
"processed_time": "2024-11-05 19:13:34.675",
"version": "1.4.0",
"product": {
"lang": "en",
"name": "Known Exploited Vulnerabilities Catalog",
"url_string": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"vendor_name": "Cybersecurity & Infrastructure Security Agency",
"version": "5.1"
}
},
"observables": [
{
"name": "osint.vulnerabilities.cwe.uid",
"type_id": 17,
"value": "CWE-78"
},
{
"name": "osint.vulnerabilities.cve.uid",
"type_id": 18,
"value": "CVE-2024-20399"
}
],
"osint": [
{
"comment": "Cisco NX-OS contains a command injection vulnerability in the command line interface (CLI) that could allow an authenticated, local attacker to execute commands as root on the underlying operating system of an affected device.",
"confidence_id": 3,
"value": "CVE-2024-20399",
"type_id": 10,
"name": "CVE_RECORD",
"src_url": "https://cveawg.mitre.org/api/cve/CVE-2024-20399",
"vendor_name": "Cisco",
"uid": "d1c1063e-7a18-46af-9102-31f8928bc633",
"vulnerabilities": [
{
"desc": "A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated user in possession of Administrator credentials to execute arbitrary commands as root on the underlying operating system of an affected device.\r\n\r\nThis vulnerability is due to insufficient validation of arguments that are passed to specific configuration CLI commands. An attacker could exploit this vulnerability by including crafted input as the argument of an affected configuration CLI command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of root.\r\nNote: To successfully exploit this vulnerability on a Cisco NX-OS device, an attacker must have Administrator credentials. The following Cisco devices already allow administrative users to access the underlying operating system through the bash-shell feature, so, for these devices, this vulnerability does not grant any additional privileges:\r\n\r\nNexus 3000 Series Switches\r\nNexus 7000 Series Switches that are running Cisco NX-OS Software releases 8.1(1) and later\r\nNexus 9000 Series Switches in standalone NX-OS mode",
"first_seen_time": "2024-07-01 16:11:44.028",
"last_seen_time": "2024-09-17 18:07:44.853",
"vendor_name": "Cisco",
"title": "CVE-2024-20399",
"is_exploit_available": true,
"exploit_last_seen_time": "2024-09-17 18:07:44.853",
"references": [
"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-cmd-injection-xD9OhyOP",
"https://nvd.nist.gov/vuln/detail/CVE-2024-20399"
],
"cve": {
"uid": "CVE-2024-20399",
"created_time": "2023-11-08 15:08:07.660",
"modified_time": "2024-09-17 18:07:44.853",
"references": [
"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-cmd-injection-xD9OhyOP",
"https://nvd.nist.gov/vuln/detail/CVE-2024-20399"
],
"cvss": [
{
"base_score": 6,
"severity": "Medium",
"src_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-20399",
"vector_string": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"vendor_name": "Cisco",
"version": "3.1",
"metrics": [
{
"name": "Attack Vector",
"value": "Local"
},
{
"name": "Attack Complexity",
"value": "Local"
},
{
"name": "Privileges Required",
"value": "High"
},
{
"name": "User Interaction",
"value": "None"
},
{
"name": "Scope",
"value": "Unchanged"
},
{
"name": "Confidentiality",
"value": "High"
},
{
"name": "Integrity",
"value": "High"
},
{
"name": "Availability",
"value": "None"
}
]
}
]
},
"cwe": {
"uid": "CWE-78",
"caption": "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')",
"src_url": "https://cwe.mitre.org/data/definitions/78.html"
},
"affected_packages": [
{
"name": "Cisco NX-OS Software",
"version": "8.2(5)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "7.3(6)N1(1a)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "7.3(5)D1(1)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "8.4(2)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "7.3(6)N1(1)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "6.2(2)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "8.4(3)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "9.2(3)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "7.0(3)I5(2)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "8.2(1)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "6.0(2)A8(7a)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "7.0(3)I4(5)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "6.0(2)A6(1)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "7.3(1)D1(1)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "6.2(14a)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "7.0(3)I4(6)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "7.3(4)N1(1)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "7.0(3)I4(3)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "9.2(2v)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "6.0(2)A6(5b)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "7.3(0)D1(1)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "6.2(17a)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "7.0(3)I4(7)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "6.0(2)U6(1a)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "7.1(5)N1(1b)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "7.0(3)I4(1)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "7.0(3)I4(8)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "7.0(3)I4(2)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "7.1(4)N1(1c)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "7.0(3)IM3(1)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "6.0(2)U6(5a)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "6.0(2)A8(11)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "6.0(2)A6(4a)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "6.2(9)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "6.2(5)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "7.3(4)D1(1)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "6.2(20)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "9.2(1)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "9.2(2t)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "9.2(3y)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "7.0(3)I4(1t)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "6.0(2)U6(5c)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "6.0(2)A6(4)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "7.0(3)I7(6z)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "9.3(2)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "7.3(1)DY(1)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "7.0(3)F3(3)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "6.0(2)U6(6)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "6.2(29)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "7.0(3)I7(3z)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "7.0(3)IM7(2)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "6.0(2)A8(11b)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "6.2(9a)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "7.3(0)N1(1)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "7.0(3)I7(5a)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "6.2(11d)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "8.1(1)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "7.0(3)I6(1)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "6.0(2)U6(10)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "7.2(2)D1(2)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "7.0(3)IM3(2)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "6.0(2)A6(8)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "8.2(2)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "6.0(2)U6(1)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "7.3(2)N1(1c)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "7.0(3)I5(3b)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "8.3(2)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "7.3(5)N1(1)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "6.0(2)A6(2a)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "7.3(2)N1(1b)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "6.2(27)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "7.3(2)D1(3a)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "7.3(1)N1(1)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "6.0(2)U6(7)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "9.2(4)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "7.1(4)N1(1a)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "7.1(3)N1(4)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "7.0(3)IM3(2a)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "6.2(8b)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "6.0(2)A8(10)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "7.1(3)N1(2)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "6.2(13)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "6.0(2)A8(2)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "7.0(3)IC4(4)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "6.2(1)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "7.3(4)N1(1a)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "8.1(2)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "6.0(2)A6(3)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "6.0(2)U6(5b)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "7.0(3)F3(3c)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "7.3(3)D1(1)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "7.0(3)F3(1)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "6.0(2)U6(5)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "7.0(3)F3(5)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "7.1(2)N1(1)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "7.1(3)N1(3)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "8.2(3)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "6.0(2)A6(7)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "7.0(3)I7(2)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "6.2(5a)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "6.2(18)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "6.0(2)A6(5)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "7.0(3)IM3(2b)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "7.1(3)N1(1)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "6.0(2)U6(4a)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "7.0(3)I5(3)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "7.0(3)I7(3)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "6.0(2)A8(6)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "7.0(3)I6(2)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "8.3(1)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "6.2(3)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "6.2(22)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "7.1(1)N1(1)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "8.4(1)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "8.1(1b)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "7.3(0)N1(1b)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "7.2(2)D1(4)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "6.0(2)A8(5)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "7.3(0)DX(1)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "7.1(4)N1(1d)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "7.3(2)D1(1)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "7.3(2)N1(1)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "6.0(2)U6(8)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "7.1(1)N1(1a)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "7.0(3)IM3(3)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "9.3(1)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "6.0(2)U6(2)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "6.2(9b)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "7.1(3)N1(2a)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "7.3(0)N1(1a)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "6.0(2)A8(7)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "7.0(3)I7(6)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "7.3(2)D1(2)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "6.2(25)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "6.0(2)U6(3a)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "8.0(1)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "6.0(2)A8(11a)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "6.2(11e)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "7.1(3)N1(5)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "7.0(3)I4(8z)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "6.2(11)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "7.0(3)I4(9)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "6.2(16)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "6.2(19)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "8.2(4)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "6.2(2a)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "7.2(2)D1(3)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "7.1(0)N1(1b)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "7.0(3)I7(4)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "7.0(3)I7(7)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "6.2(5b)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "7.3(0)DY(1)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "6.0(2)A8(9)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "6.0(2)A8(1)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "7.1(5)N1(1)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "7.2(1)D1(1)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "6.2(15)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "6.0(2)A6(6)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "6.0(2)A8(10a)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "7.0(3)I5(1)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "9.3(1z)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "9.2(2)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "6.2(7)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "6.2(9c)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "7.0(3)F3(4)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "7.3(3)N1(1)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "6.2(6b)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "7.0(3)I4(8b)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "8.1(2a)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "7.3(2)D1(3)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "6.2(8)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "6.0(2)A8(3)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "6.2(11b)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "7.0(3)I4(6t)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "7.0(3)I5(3a)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "8.1(1a)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "6.2(13a)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "6.0(2)A8(8)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "7.0(3)I7(5)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "7.0(3)F3(3a)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "7.1(0)N1(1a)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "6.0(2)A8(4)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "6.0(2)A6(3a)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "6.0(2)A6(5a)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "7.0(3)F2(1)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "7.0(3)I4(8a)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "6.0(2)U6(9)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "7.0(3)F3(2)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "6.0(2)U6(2a)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "6.2(12)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "6.2(17)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "7.0(3)I4(4)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "6.2(23)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "6.2(13b)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "6.0(2)U6(3)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "6.2(10)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "6.2(6a)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "6.2(6)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "7.1(2)N1(1a)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "6.2(14)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "7.0(3)I7(1)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "6.2(14b)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "6.2(21)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "7.2(2)D1(1)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "7.0(3)F2(2)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "7.0(3)IA7(2)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "7.0(3)IA7(1)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "6.0(2)A8(7b)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "6.2(8a)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "6.2(11c)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "7.0(3)F1(1)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "6.0(2)A6(1a)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "7.1(0)N1(1)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "7.2(0)D1(1)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "6.0(2)A6(2)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "7.1(4)N1(1)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "6.0(2)A8(4a)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "6.2(20a)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "6.0(2)U6(4)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "8.4(1a)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "9.3(3)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "7.3(2)D1(1d)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "7.3(7)N1(1)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "6.2(24)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "6.2(31)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "7.0(3)I7(8)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "6.0(2)U6(10a)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "7.3(7)N1(1a)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "9.3(4)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "7.3(6)D1(1)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "6.2(26)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "8.2(6)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "6.2(33)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "9.3(5)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "8.4(2a)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "8.4(2b)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "7.3(8)N1(1)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "7.0(3)I7(9)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "7.3(7)N1(1b)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "6.2(24a)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "8.5(1)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "9.3(6)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "10.1(2)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "10.1(1)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "8.4(4)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "7.3(7)D1(1)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "8.4(2c)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "9.3(5w)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "8.2(7)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "7.3(9)N1(1)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "9.3(7)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "9.3(7k)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "7.0(3)I7(9w)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "10.2(1)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "7.3(8)N1(1a)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "7.3(8)D1(1)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "9.3(7a)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "8.2(7a)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "9.3(8)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "8.4(4a)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "8.4(2d)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "7.3(10)N1(1)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "8.4(5)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "7.0(3)I7(10)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "7.3(8)N1(1b)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "8.2(8)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "10.2(1q)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "10.2(2)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "9.3(9)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "7.3(9)D1(1)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "7.3(11)N1(1)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "10.2(3)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "8.4(6)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "8.4(2e)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "9.3(10)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "7.3(11)N1(1a)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "10.2(2a)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "7.3(12)N1(1)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "9.2(1a)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "8.2(9)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "10.3(1)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "10.2(4)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "7.3(13)N1(1)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "8.4(7)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "10.3(2)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "8.4(6a)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "9.3(11)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "10.3(3)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "10.2(5)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "9.4(1)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "9.3(2a)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "8.4(2f)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "8.2(10)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "9.3(12)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "10.4(1)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "8.4(8)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "10.3(99w)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "7.3(14)N1(1)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "10.2(6)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "10.3(3w)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "10.3(99x)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "10.3(3o)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "8.4(9)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "10.3(4)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "10.3(3p)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "10.3(4a)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "9.4(1a)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "10.4(2)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "10.3(3q)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "9.3(13)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "8.2(11)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "9.4(2)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "10.3(5)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "10.2(7)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "10.3(3x)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "10.3(4g)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "10.2(8)",
"vendor_name": "Cisco"
},
{
"name": "Cisco NX-OS Software",
"version": "10.3(3r)",
"vendor_name": "Cisco"
}
]
}
]
}
]
},
{
"activity_id": 2,
"category_uid": 5,
"class_uid": 5021,
"severity_id": 1,
"status_id": 1,
"type_uid": 502102,
"start_time": "2024-05-06 22:21:01.742",
"time": "2024-11-05 19:13:34.675",
"message": "PHP-CGI OS Command Injection Vulnerability",
"metadata": {
"uid": "CVE-2024-4577",
"correlation_uid": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
"logged_time": "2024-06-09 19:42:36.464",
"original_time": "2024-05-06 22:21:01.742",
"processed_time": "2024-11-05 19:13:34.675",
"version": "1.4.0",
"product": {
"lang": "en",
"name": "Known Exploited Vulnerabilities Catalog",
"url_string": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"vendor_name": "Cybersecurity & Infrastructure Security Agency",
"version": "5.1"
}
},
"observables": [
{
"name": "osint.vulnerabilities.cwe.uid",
"type_id": 17,
"value": "CWE-78"
},
{
"name": "osint.vulnerabilities.cve.uid",
"type_id": 18,
"value": "CVE-2024-4577"
}
],
"osint": [
{
"comment": "PHP, specifically Windows-based PHP used in CGI mode, contains an OS command injection vulnerability that allows for arbitrary code execution. This vulnerability is a patch bypass for CVE-2012-1823.",
"confidence_id": 3,
"value": "CVE-2024-4577",
"type_id": 10,
"name": "CVE_RECORD",
"src_url": "https://cveawg.mitre.org/api/cve/CVE-2024-4577",
"vendor_name": "Php",
"uid": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
"vulnerabilities": [
{
"desc": "In PHP versions\u00a08.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use \"Best-Fit\" behavior to replace characters in command line given to\u00a0Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.",
"first_seen_time": "2024-06-09 19:42:36.464",
"last_seen_time": "2024-08-19 07:54:59.546",
"vendor_name": "Php",
"title": "CVE-2024-4577",
"is_exploit_available": true,
"exploit_last_seen_time": "2024-08-19 07:54:59.546",
"references": [
"https://github.com/php/php-src/security/advisories/GHSA-3qgc-jrrr-25jv",
"https://nvd.nist.gov/vuln/detail/CVE-2024-4577"
],
"cve": {
"uid": "CVE-2024-4577",
"created_time": "2024-05-06 22:21:01.742",
"modified_time": "2024-08-19 07:54:59.546",
"references": [
"https://github.com/php/php-src/security/advisories/GHSA-3qgc-jrrr-25jv",
"https://nvd.nist.gov/vuln/detail/CVE-2024-4577"
],
"cvss": [
{
"base_score": 9.8,
"severity": "Critical",
"src_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4577",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"vendor_name": "Php",
"version": "3.1",
"metrics": [
{
"name": "Attack Vector",
"value": "Network"
},
{
"name": "Attack Complexity",
"value": "Network"
},
{
"name": "Privileges Required",
"value": "None"
},
{
"name": "User Interaction",
"value": "None"
},
{
"name": "Scope",
"value": "Unchanged"
},
{
"name": "Confidentiality",
"value": "High"
},
{
"name": "Integrity",
"value": "High"
},
{
"name": "Availability",
"value": "High"
}
]
}
]
},
"cwe": {
"uid": "CWE-78",
"caption": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')",
"src_url": "https://cwe.mitre.org/data/definitions/78.html"
},
"affected_packages": [
{
"name": "PHP",
"version": "8.1.*",
"vendor_name": "Php"
},
{
"name": "PHP",
"version": "8.2.*",
"vendor_name": "Php"
},
{
"name": "PHP",
"version": "8.3.*",
"vendor_name": "Php"
}
]
}
]
}
]
},
{
"activity_id": 2,
"category_uid": 5,
"class_uid": 5021,
"severity_id": 1,
"status_id": 1,
"type_uid": 502102,
"start_time": "2016-12-06 00:00:00",
"time": "2024-11-05 19:13:34.675",
"message": "Oracle WebLogic Server OS Command Injection Vulnerability",
"metadata": {
"uid": "CVE-2017-3506",
"correlation_uid": "43595867-4340-4103-b7a2-9a5208d29a85",
"logged_time": "2017-04-24 19:00:00",
"original_time": "2016-12-06 00:00:00",
"processed_time": "2024-11-05 19:13:34.675",
"version": "1.4.0",
"product": {
"lang": "en",
"name": "Known Exploited Vulnerabilities Catalog",
"url_string": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"vendor_name": "Cybersecurity & Infrastructure Security Agency",
"version": "5.1"
}
},
"observables": [
{
"name": "osint.vulnerabilities.cve.uid",
"type_id": 18,
"value": "CVE-2017-3506"
}
],
"osint": [
{
"comment": "Oracle WebLogic Server, a product within the Fusion Middleware suite, contains an OS command injection vulnerability that allows an attacker to execute arbitrary code via a specially crafted HTTP request that includes a malicious XML document.",
"confidence_id": 3,
"value": "CVE-2017-3506",
"type_id": 10,
"name": "CVE_RECORD",
"src_url": "https://cveawg.mitre.org/api/cve/CVE-2017-3506",
"vendor_name": "Oracle",
"uid": "43595867-4340-4103-b7a2-9a5208d29a85",
"vulnerabilities": [
{
"desc": "Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.0, 12.2.1.1 and 12.2.1.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle WebLogic Server accessible data as well as unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).",
"first_seen_time": "2017-04-24 19:00:00",
"last_seen_time": "2024-08-05 14:30:57.671",
"vendor_name": "Oracle",
"title": "CVE-2017-3506",
"is_exploit_available": true,
"exploit_last_seen_time": "2024-08-05 14:30:57.671",
"references": [
"http://www.securitytracker.com/id/1038296",
"https://nvd.nist.gov/vuln/detail/CVE-2017-3506"
],
"cve": {
"uid": "CVE-2017-3506",
"created_time": "2016-12-06 00:00:00",
"modified_time": "2024-08-05 14:30:57.671",
"references": [
"http://www.securitytracker.com/id/1038296",
"https://nvd.nist.gov/vuln/detail/CVE-2017-3506"
],
"cvss": []
},
"cwe": {
"uid": null,
"caption": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle WebLogic Server accessible data as well as unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data.",
"src_url": null
},
"affected_packages": [
{
"name": "WebLogic Server",
"version": "10.3.6.0",
"vendor_name": "Oracle"
},
{
"name": "WebLogic Server",
"version": "12.1.3.0",
"vendor_name": "Oracle"
},
{
"name": "WebLogic Server",
"version": "12.2.1.0",
"vendor_name": "Oracle"
},
{
"name": "WebLogic Server",
"version": "12.2.1.1",
"vendor_name": "Oracle"
},
{
"name": "WebLogic Server",
"version": "12.2.1.2",
"vendor_name": "Oracle"
}
]
}
]
}
]
},
{
"activity_id": 2,
"category_uid": 5,
"class_uid": 5021,
"severity_id": 1,
"status_id": 1,
"type_uid": 502102,
"start_time": "2019-01-31 00:00:00",
"time": "2024-11-05 19:13:34.675",
"message": "Nice Linear eMerge E3-Series OS Command Injection Vulnerability",
"metadata": {
"uid": "CVE-2019-7256",
"correlation_uid": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"logged_time": "2019-07-02 00:00:00",
"original_time": "2019-01-31 00:00:00",
"processed_time": "2024-11-05 19:13:34.675",
"version": "1.4.0",
"product": {
"lang": "en",
"name": "Known Exploited Vulnerabilities Catalog",
"url_string": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"vendor_name": "Cybersecurity & Infrastructure Security Agency",
"version": "5.1"
}
},
"observables": [
{
"name": "osint.vulnerabilities.cve.uid",
"type_id": 18,
"value": "CVE-2019-7256"
}
],
"osint": [
{
"comment": "Nice Linear eMerge E3-Series contains an OS command injection vulnerability that allows an attacker to conduct remote code execution.",
"confidence_id": 3,
"value": "CVE-2019-7256",
"type_id": 10,
"name": "CVE_RECORD",
"src_url": "https://cveawg.mitre.org/api/cve/CVE-2019-7256",
"vendor_name": "Mitre",
"uid": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"vulnerabilities": [
{
"desc": "Linear eMerge E3-Series devices allow Command Injections.",
"first_seen_time": "2019-07-02 00:00:00",
"last_seen_time": "2024-08-04 20:46:45.713",
"vendor_name": "Mitre",
"title": "CVE-2019-7256",
"is_exploit_available": true,
"exploit_last_seen_time": "2024-08-04 20:46:45.713",
"references": [
"https://applied-risk.com/labs/advisories",
"https://nvd.nist.gov/vuln/detail/CVE-2019-7256"
],
"cve": {
"uid": "CVE-2019-7256",
"created_time": "2019-01-31 00:00:00",
"modified_time": "2024-08-04 20:46:45.713",
"references": [
"https://applied-risk.com/labs/advisories",
"https://nvd.nist.gov/vuln/detail/CVE-2019-7256"
],
"cvss": []
},
"cwe": {
"uid": null,
"caption": "n/a",
"src_url": null
},
"affected_packages": [
{
"name": "n/a",
"version": "n/a",
"vendor_name": "Mitre"
}
]
}
]
}
]
},
{
"activity_id": 2,
"category_uid": 5,
"class_uid": 5021,
"severity_id": 1,
"status_id": 1,
"type_uid": 502102,
"start_time": "2021-07-12 00:00:00",
"time": "2024-11-05 19:13:34.675",
"message": "Sunhillo SureLine OS Command Injection Vulnerability",
"metadata": {
"uid": "CVE-2021-36380",
"correlation_uid": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"logged_time": "2021-08-13 15:53:59",
"original_time": "2021-07-12 00:00:00",
"processed_time": "2024-11-05 19:13:34.675",
"version": "1.4.0",
"product": {
"lang": "en",
"name": "Known Exploited Vulnerabilities Catalog",
"url_string": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"vendor_name": "Cybersecurity & Infrastructure Security Agency",
"version": "5.1"
}
},
"observables": [
{
"name": "osint.vulnerabilities.cve.uid",
"type_id": 18,
"value": "CVE-2021-36380"
}
],
"osint": [
{
"comment": "Sunhillo SureLine contains an OS command injection vulnerability that allows an attacker to cause a denial-of-service or utilize the device for persistence on the network via shell metacharacters in ipAddr or dnsAddr in /cgi/networkDiag.cgi.",
"confidence_id": 3,
"value": "CVE-2021-36380",
"type_id": 10,
"name": "CVE_RECORD",
"src_url": "https://cveawg.mitre.org/api/cve/CVE-2021-36380",
"vendor_name": "Mitre",
"uid": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"vulnerabilities": [
{
"desc": "Sunhillo SureLine before 8.7.0.1.1 allows Unauthenticated OS Command Injection via shell metacharacters in ipAddr or dnsAddr /cgi/networkDiag.cgi.",
"first_seen_time": "2021-08-13 15:53:59",
"last_seen_time": "2024-08-04 00:54:51.484",
"vendor_name": "Mitre",
"title": "CVE-2021-36380",
"is_exploit_available": true,
"exploit_last_seen_time": "2024-08-04 00:54:51.484",
"references": [
"https://www.sunhillo.com/product/sureline/",
"https://nvd.nist.gov/vuln/detail/CVE-2021-36380"
],
"cve": {
"uid": "CVE-2021-36380",
"created_time": "2021-07-12 00:00:00",
"modified_time": "2024-08-04 00:54:51.484",
"references": [
"https://www.sunhillo.com/product/sureline/",
"https://nvd.nist.gov/vuln/detail/CVE-2021-36380"
],
"cvss": []
},
"cwe": {
"uid": null,
"caption": "n/a",
"src_url": null
},
"affected_packages": [
{
"name": "n/a",
"version": "n/a",
"vendor_name": "Mitre"
}
]
}
]
}
]
},
{
"activity_id": 2,
"category_uid": 5,
"class_uid": 5021,
"severity_id": 1,
"status_id": 1,
"type_uid": 502102,
"start_time": "2023-12-01 02:30:49.222",
"time": "2024-11-05 19:13:34.675",
"message": "FXC AE1021, AE1021PE OS Command Injection Vulnerability",
"metadata": {
"uid": "CVE-2023-49897",
"correlation_uid": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"logged_time": "2023-12-06 06:49:41.752",
"original_time": "2023-12-01 02:30:49.222",
"processed_time": "2024-11-05 19:13:34.675",
"version": "1.4.0",
"product": {
"lang": "en",
"name": "Known Exploited Vulnerabilities Catalog",
"url_string": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"vendor_name": "Cybersecurity & Infrastructure Security Agency",
"version": "5.1"
}
},
"observables": [
{
"name": "osint.vulnerabilities.cve.uid",
"type_id": 18,
"value": "CVE-2023-49897"
}
],
"osint": [
{
"comment": "FXC AE1021 and AE1021PE contain an OS command injection vulnerability that allows authenticated users to execute commands via a network.",
"confidence_id": 3,
"value": "CVE-2023-49897",
"type_id": 10,
"name": "CVE_RECORD",
"src_url": "https://cveawg.mitre.org/api/cve/CVE-2023-49897",
"vendor_name": "Jpcert",
"uid": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"vulnerabilities": [
{
"desc": "An OS command injection vulnerability exists in AE1021PE firmware version 2.0.9 and earlier and AE1021 firmware version 2.0.9 and earlier. If this vulnerability is exploited, an arbitrary OS command may be executed by an attacker who can log in to the product.",
"first_seen_time": "2023-12-06 06:49:41.752",
"last_seen_time": "2024-08-02 22:09:48.211",
"vendor_name": "Jpcert",
"title": "CVE-2023-49897",
"is_exploit_available": true,
"exploit_last_seen_time": "2024-08-02 22:09:48.211",
"references": [
"https://www.fxc.jp/news/20231206",
"https://nvd.nist.gov/vuln/detail/CVE-2023-49897"
],
"cve": {
"uid": "CVE-2023-49897",
"created_time": "2023-12-01 02:30:49.222",
"modified_time": "2024-08-02 22:09:48.211",
"references": [
"https://www.fxc.jp/news/20231206",
"https://nvd.nist.gov/vuln/detail/CVE-2023-49897"
],
"cvss": []
},
"cwe": {
"uid": null,
"caption": "OS command injection",
"src_url": null
},
"affected_packages": [
{
"name": "AE1021PE",
"version": "2.0.9 and earlier",
"vendor_name": "Jpcert"
},
{
"name": "AE1021",
"version": "2.0.9 and earlier",
"vendor_name": "Jpcert"
}
]
}
]
}
]
},
{
"activity_id": 2,
"category_uid": 5,
"class_uid": 5021,
"severity_id": 1,
"status_id": 1,
"type_uid": 502102,
"start_time": "2023-11-06 14:11:12.322",
"time": "2024-11-05 19:13:34.675",
"message": "QNAP VioStor NVR OS Command Injection Vulnerability",
"metadata": {
"uid": "CVE-2023-47565",
"correlation_uid": "2fd009eb-170a-4625-932b-17a53af1051f",
"logged_time": "2023-12-08 16:06:29.861",
"original_time": "2023-11-06 14:11:12.322",
"processed_time": "2024-11-05 19:13:34.675",
"version": "1.4.0",
"product": {
"lang": "en",
"name": "Known Exploited Vulnerabilities Catalog",
"url_string": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"vendor_name": "Cybersecurity & Infrastructure Security Agency",
"version": "5.1"
}
},
"observables": [
{
"name": "osint.vulnerabilities.cwe.uid",
"type_id": 17,
"value": "CWE-78"
},
{
"name": "osint.vulnerabilities.cve.uid",
"type_id": 18,
"value": "CVE-2023-47565"
}
],
"osint": [
{
"comment": "QNAP VioStor NVR contains an OS command injection vulnerability that allows authenticated users to execute commands via a network.",
"confidence_id": 3,
"value": "CVE-2023-47565",
"type_id": 10,
"name": "CVE_RECORD",
"src_url": "https://cveawg.mitre.org/api/cve/CVE-2023-47565",
"vendor_name": "Qnap",
"uid": "2fd009eb-170a-4625-932b-17a53af1051f",
"vulnerabilities": [
{
"desc": "An OS command injection vulnerability has been found to affect legacy QNAP VioStor NVR models running QVR Firmware 4.x. If exploited, the vulnerability could allow authenticated users to execute commands via a network.\n\nWe have already fixed the vulnerability in the following versions:\n\nQVR Firmware 5.0.0\u00a0and later\n\n",
"first_seen_time": "2023-12-08 16:06:29.861",
"last_seen_time": "2024-08-02 21:09:37.379",
"vendor_name": "Qnap",
"title": "CVE-2023-47565",
"is_exploit_available": true,
"exploit_last_seen_time": "2024-08-02 21:09:37.379",
"references": [
"https://www.qnap.com/en/security-advisory/qsa-23-48",
"https://nvd.nist.gov/vuln/detail/CVE-2023-47565"
],
"cve": {
"uid": "CVE-2023-47565",
"created_time": "2023-11-06 14:11:12.322",
"modified_time": "2024-08-02 21:09:37.379",
"references": [
"https://www.qnap.com/en/security-advisory/qsa-23-48",
"https://nvd.nist.gov/vuln/detail/CVE-2023-47565"
],
"cvss": [
{
"base_score": 8,
"severity": "High",
"src_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-47565",
"vector_string": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"vendor_name": "Qnap",
"version": "3.1",
"metrics": [
{
"name": "Attack Vector",
"value": "Adjacent_network"
},
{
"name": "Attack Complexity",
"value": "Adjacent_network"
},
{
"name": "Privileges Required",
"value": "Low"
},
{
"name": "User Interaction",
"value": "None"
},
{
"name": "Scope",
"value": "Unchanged"
},
{
"name": "Confidentiality",
"value": "High"
},
{
"name": "Integrity",
"value": "High"
},
{
"name": "Availability",
"value": "High"
}
]
}
]
},
"cwe": {
"uid": "CWE-78",
"caption": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')",
"src_url": "https://cwe.mitre.org/data/definitions/78.html"
},
"affected_packages": [
{
"name": "VioStor NVR",
"version": "4.x",
"vendor_name": "Qnap"
}
]
}
]
}
]
},
{
"activity_id": 2,
"category_uid": 5,
"class_uid": 5021,
"severity_id": 1,
"status_id": 1,
"type_uid": 502102,
"start_time": "2022-10-27 18:47:50.373",
"time": "2024-11-05 19:13:34.675",
"message": "Cisco IOS XE Web UI Command Injection Vulnerability",
"metadata": {
"uid": "CVE-2023-20273",
"correlation_uid": "d1c1063e-7a18-46af-9102-31f8928bc633",
"logged_time": "2023-10-24 14:13:36.311",
"original_time": "2022-10-27 18:47:50.373",
"processed_time": "2024-11-05 19:13:34.675",
"version": "1.4.0",
"product": {
"lang": "en",
"name": "Known Exploited Vulnerabilities Catalog",
"url_string": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"vendor_name": "Cybersecurity & Infrastructure Security Agency",
"version": "5.1"
}
},
"observables": [
{
"name": "osint.vulnerabilities.cwe.uid",
"type_id": 17,
"value": "CWE-78"
},
{
"name": "osint.vulnerabilities.cve.uid",
"type_id": 18,
"value": "CVE-2023-20273"
}
],
"osint": [
{
"comment": "Cisco IOS XE contains a command injection vulnerability in the web user interface. When chained with CVE-2023-20198, the attacker can leverage the new local user to elevate privilege to root and write the implant to the file system. Cisco identified CVE-2023-20273 as the vulnerability exploited to deploy the implant. CVE-2021-1435, previously associated with the exploitation events, is no longer believed to be related to this activity.",
"confidence_id": 3,
"value": "CVE-2023-20273",
"type_id": 10,
"name": "CVE_RECORD",
"src_url": "https://cveawg.mitre.org/api/cve/CVE-2023-20273",
"vendor_name": "Cisco",
"uid": "d1c1063e-7a18-46af-9102-31f8928bc633",
"vulnerabilities": [
{
"desc": "A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to inject commands with the privileges of root. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI. A successful exploit could allow the attacker to inject commands to the underlying operating system with root privileges.",
"first_seen_time": "2023-10-24 14:13:36.311",
"last_seen_time": "2024-10-23 18:57:38.005",
"vendor_name": "Cisco",
"title": "CVE-2023-20273",
"is_exploit_available": true,
"exploit_last_seen_time": "2024-10-23 18:57:38.005",
"references": [
"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-webui-privesc-j22SaA4z",
"https://nvd.nist.gov/vuln/detail/CVE-2023-20273"
],
"cve": {
"uid": "CVE-2023-20273",
"created_time": "2022-10-27 18:47:50.373",
"modified_time": "2024-10-23 18:57:38.005",
"references": [
"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-webui-privesc-j22SaA4z",
"https://nvd.nist.gov/vuln/detail/CVE-2023-20273"
],
"cvss": [
{
"base_score": 7.2,
"severity": "High",
"src_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20273",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"vendor_name": "Cisco",
"version": "3.1",
"metrics": [
{
"name": "Attack Vector",
"value": "Network"
},
{
"name": "Attack Complexity",
"value": "Network"
},
{
"name": "Privileges Required",
"value": "High"
},
{
"name": "User Interaction",
"value": "None"
},
{
"name": "Scope",
"value": "Unchanged"
},
{
"name": "Confidentiality",
"value": "High"
},
{
"name": "Integrity",
"value": "High"
},
{
"name": "Availability",
"value": "High"
}
]
}
]
},
"cwe": {
"uid": "CWE-78",
"caption": "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')",
"src_url": "https://cwe.mitre.org/data/definitions/78.html"
},
"affected_packages": [
{
"name": "Cisco IOS XE Software",
"version": "16.1.1",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "16.1.2",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "16.1.3",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "16.2.1",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "16.2.2",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "16.3.1",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "16.3.2",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "16.3.3",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "16.3.1a",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "16.3.4",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "16.3.5",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "16.3.5b",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "16.3.6",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "16.3.7",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "16.3.8",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "16.3.9",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "16.3.10",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "16.3.11",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "16.4.1",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "16.4.2",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "16.4.3",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "16.5.1",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "16.5.1a",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "16.5.1b",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "16.5.2",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "16.5.3",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "16.6.1",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "16.6.2",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "16.6.3",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "16.6.4",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "16.6.5",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "16.6.4a",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "16.6.5a",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "16.6.6",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "16.6.7",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "16.6.8",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "16.6.9",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "16.6.10",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "16.7.1",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "16.7.1a",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "16.7.1b",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "16.7.2",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "16.7.3",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "16.7.4",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "16.8.1",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "16.8.1a",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "16.8.1b",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "16.8.1s",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "16.8.1c",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "16.8.1d",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "16.8.2",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "16.8.1e",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "16.8.3",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "16.9.1",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "16.9.2",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "16.9.1a",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "16.9.1b",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "16.9.1s",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "16.9.3",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "16.9.4",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "16.9.3a",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "16.9.5",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "16.9.5f",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "16.9.6",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "16.9.7",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "16.9.8",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "16.10.1",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "16.10.1a",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "16.10.1b",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "16.10.1s",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "16.10.1c",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "16.10.1e",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "16.10.1d",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "16.10.2",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "16.10.1f",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "16.10.1g",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "16.10.3",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "16.11.1",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "16.11.1a",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "16.11.1b",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "16.11.2",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "16.11.1s",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "16.12.1",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "16.12.1s",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "16.12.1a",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "16.12.1c",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "16.12.1w",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "16.12.2",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "16.12.1y",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "16.12.2a",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "16.12.3",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "16.12.8",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "16.12.2s",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "16.12.1x",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "16.12.1t",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "16.12.4",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "16.12.3s",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "16.12.3a",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "16.12.4a",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "16.12.5",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "16.12.6",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "16.12.1z1",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "16.12.5a",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "16.12.5b",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "16.12.1z2",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "16.12.6a",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "16.12.7",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "16.12.9",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "16.12.10",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "17.1.1",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "17.1.1a",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "17.1.1s",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "17.1.1t",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "17.1.3",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "17.2.1",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "17.2.1r",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "17.2.1a",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "17.2.1v",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "17.2.2",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "17.2.3",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "17.3.1",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "17.3.2",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "17.3.3",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "17.3.1a",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "17.3.1w",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "17.3.2a",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "17.3.1x",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "17.3.1z",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "17.3.4",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "17.3.5",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "17.3.4a",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "17.3.6",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "17.3.4b",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "17.3.4c",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "17.3.5a",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "17.3.5b",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "17.3.7",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "17.3.8",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "17.4.1",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "17.4.2",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "17.4.1a",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "17.4.1b",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "17.4.2a",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "17.5.1",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "17.5.1a",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "17.5.1b",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "17.5.1c",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "17.6.1",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "17.6.2",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "17.6.1w",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "17.6.1a",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "17.6.1x",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "17.6.3",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "17.6.1y",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "17.6.1z",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "17.6.3a",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "17.6.4",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "17.6.1z1",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "17.6.5",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "17.6.6",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "17.7.1",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "17.7.1a",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "17.7.1b",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "17.7.2",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "17.10.1",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "17.10.1a",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "17.10.1b",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "17.8.1",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "17.8.1a",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "17.9.1",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "17.9.1w",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "17.9.2",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "17.9.1a",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "17.9.1x",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "17.9.1y",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "17.9.3",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "17.9.2a",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "17.9.1x1",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "17.9.3a",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "17.9.4",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "17.9.1y1",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "17.11.1",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "17.11.1a",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "17.12.1",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "17.12.1a",
"vendor_name": "Cisco"
},
{
"name": "Cisco IOS XE Software",
"version": "17.11.99SW",
"vendor_name": "Cisco"
}
]
}
]
}
]
},
{
"activity_id": 2,
"category_uid": 5,
"class_uid": 5021,
"severity_id": 1,
"status_id": 1,
"type_uid": 502102,
"start_time": "2017-03-14 00:00:00",
"time": "2024-11-05 19:13:34.675",
"message": "Zyxel EMG2926 Routers Command Injection Vulnerability",
"metadata": {
"uid": "CVE-2017-6884",
"correlation_uid": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"logged_time": "2017-04-06 17:00:00",
"original_time": "2017-03-14 00:00:00",
"processed_time": "2024-11-05 19:13:34.675",
"version": "1.4.0",
"product": {
"lang": "en",
"name": "Known Exploited Vulnerabilities Catalog",
"url_string": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"vendor_name": "Cybersecurity & Infrastructure Security Agency",
"version": "5.1"
}
},
"observables": [
{
"name": "osint.vulnerabilities.cve.uid",
"type_id": 18,
"value": "CVE-2017-6884"
}
],
"osint": [
{
"comment": "Zyxel EMG2926 routers contain a command injection vulnerability located in the diagnostic tools, specifically the nslookup function. A malicious user may exploit numerous vectors to execute malicious commands on the router, such as the ping_ip parameter to the expert/maintenance/diagnostic/nslookup URI.",
"confidence_id": 3,
"value": "CVE-2017-6884",
"type_id": 10,
"name": "CVE_RECORD",
"src_url": "https://cveawg.mitre.org/api/cve/CVE-2017-6884",
"vendor_name": "Mitre",
"uid": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"vulnerabilities": [
{
"desc": "A command injection vulnerability was discovered on the Zyxel EMG2926 home router with firmware V1.00(AAQT.4)b8. The vulnerability is located in the diagnostic tools, specifically the nslookup function. A malicious user may exploit numerous vectors to execute arbitrary commands on the router, such as the ping_ip parameter to the expert/maintenance/diagnostic/nslookup URI.",
"first_seen_time": "2017-04-06 17:00:00",
"last_seen_time": "2024-08-05 15:41:17.762",
"vendor_name": "Mitre",
"title": "CVE-2017-6884",
"is_exploit_available": true,
"exploit_last_seen_time": "2024-08-05 15:41:17.762",
"references": [
"https://www.exploit-db.com/exploits/41782/",
"https://nvd.nist.gov/vuln/detail/CVE-2017-6884"
],
"cve": {
"uid": "CVE-2017-6884",
"created_time": "2017-03-14 00:00:00",
"modified_time": "2024-08-05 15:41:17.762",
"references": [
"https://www.exploit-db.com/exploits/41782/",
"https://nvd.nist.gov/vuln/detail/CVE-2017-6884"
],
"cvss": []
},
"cwe": {
"uid": null,
"caption": "n/a",
"src_url": null
},
"affected_packages": [
{
"name": "n/a",
"version": "n/a",
"vendor_name": "Mitre"
}
]
}
]
}
]
},
{
"activity_id": 2,
"category_uid": 5,
"class_uid": 5021,
"severity_id": 1,
"status_id": 1,
"type_uid": 502102,
"start_time": "2019-05-02 00:00:00",
"time": "2024-11-05 19:13:34.675",
"message": "Zyxel P660HN-T1A Routers Command Injection Vulnerability",
"metadata": {
"uid": "CVE-2017-18368",
"correlation_uid": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"logged_time": "2019-05-02 16:14:16",
"original_time": "2019-05-02 00:00:00",
"processed_time": "2024-11-05 19:13:34.675",
"version": "1.4.0",
"product": {
"lang": "en",
"name": "Known Exploited Vulnerabilities Catalog",
"url_string": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"vendor_name": "Cybersecurity & Infrastructure Security Agency",
"version": "5.1"
}
},
"observables": [
{
"name": "osint.vulnerabilities.cve.uid",
"type_id": 18,
"value": "CVE-2017-18368"
}
],
"osint": [
{
"comment": "Zyxel P660HN-T1A routers contain a command injection vulnerability in the Remote System Log forwarding function, which is accessible by an unauthenticated user and exploited via the remote_host parameter of the ViewLog.asp page.",
"confidence_id": 3,
"value": "CVE-2017-18368",
"type_id": 10,
"name": "CVE_RECORD",
"src_url": "https://cveawg.mitre.org/api/cve/CVE-2017-18368",
"vendor_name": "Mitre",
"uid": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"vulnerabilities": [
{
"desc": "The ZyXEL P660HN-T1A v1 TCLinux Fw $7.3.15.0 v001 / 3.40(ULM.0)b31 router distributed by TrueOnline has a command injection vulnerability in the Remote System Log forwarding function, which is accessible by an unauthenticated user. The vulnerability is in the ViewLog.asp page and can be exploited through the remote_host parameter.",
"first_seen_time": "2019-05-02 16:14:16",
"last_seen_time": "2024-08-05 21:20:50.893",
"vendor_name": "Mitre",
"title": "CVE-2017-18368",
"is_exploit_available": true,
"exploit_last_seen_time": "2024-08-05 21:20:50.893",
"references": [
"https://seclists.org/fulldisclosure/2017/Jan/40",
"https://nvd.nist.gov/vuln/detail/CVE-2017-18368"
],
"cve": {
"uid": "CVE-2017-18368",
"created_time": "2019-05-02 00:00:00",
"modified_time": "2024-08-05 21:20:50.893",
"references": [
"https://seclists.org/fulldisclosure/2017/Jan/40",
"https://nvd.nist.gov/vuln/detail/CVE-2017-18368"
],
"cvss": []
},
"cwe": {
"uid": null,
"caption": "n/a",
"src_url": null
},
"affected_packages": [
{
"name": "n/a",
"version": "n/a",
"vendor_name": "Mitre"
}
]
}
]
}
]
},
{
"activity_id": 2,
"category_uid": 5,
"class_uid": 5021,
"severity_id": 1,
"status_id": 1,
"type_uid": 502102,
"start_time": "2022-04-16 00:00:00",
"time": "2024-11-05 19:13:34.675",
"message": "SolarView Compact Command Injection Vulnerability",
"metadata": {
"uid": "CVE-2022-29303",
"correlation_uid": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"logged_time": "2022-05-12 15:17:16",
"original_time": "2022-04-16 00:00:00",
"processed_time": "2024-11-05 19:13:34.675",
"version": "1.4.0",
"product": {
"lang": "en",
"name": "Known Exploited Vulnerabilities Catalog",
"url_string": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"vendor_name": "Cybersecurity & Infrastructure Security Agency",
"version": "5.1"
}
},
"observables": [
{
"name": "osint.vulnerabilities.cve.uid",
"type_id": 18,
"value": "CVE-2022-29303"
}
],
"osint": [
{
"comment": "SolarView Compact contains a command injection vulnerability due to improper validation of input values on the send test mail console of the product's web server.",
"confidence_id": 3,
"value": "CVE-2022-29303",
"type_id": 10,
"name": "CVE_RECORD",
"src_url": "https://cveawg.mitre.org/api/cve/CVE-2022-29303",
"vendor_name": "Mitre",
"uid": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"vulnerabilities": [
{
"desc": "SolarView Compact ver.6.00 was discovered to contain a command injection vulnerability via conf_mail.php.",
"first_seen_time": "2022-05-12 15:17:16",
"last_seen_time": "2024-08-03 06:17:54.652",
"vendor_name": "Mitre",
"title": "CVE-2022-29303",
"is_exploit_available": true,
"exploit_last_seen_time": "2024-08-03 06:17:54.652",
"references": [
"https://drive.google.com/drive/folders/1tGr-WExbpfvhRg31XCoaZOFLWyt3r60g?usp=sharing",
"https://nvd.nist.gov/vuln/detail/CVE-2022-29303"
],
"cve": {
"uid": "CVE-2022-29303",
"created_time": "2022-04-16 00:00:00",
"modified_time": "2024-08-03 06:17:54.652",
"references": [
"https://drive.google.com/drive/folders/1tGr-WExbpfvhRg31XCoaZOFLWyt3r60g?usp=sharing",
"https://nvd.nist.gov/vuln/detail/CVE-2022-29303"
],
"cvss": []
},
"cwe": {
"uid": null,
"caption": "n/a",
"src_url": null
},
"affected_packages": [
{
"name": "n/a",
"version": "n/a",
"vendor_name": "Mitre"
}
]
}
]
}
]
},
{
"activity_id": 2,
"category_uid": 5,
"class_uid": 5021,
"severity_id": 1,
"status_id": 1,
"type_uid": 502102,
"start_time": "2019-10-16 00:00:00",
"time": "2024-11-05 19:13:34.675",
"message": "D-Link DIR-859 Router Command Execution Vulnerability",
"metadata": {
"uid": "CVE-2019-17621",
"correlation_uid": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"logged_time": "2019-12-30 16:09:17",
"original_time": "2019-10-16 00:00:00",
"processed_time": "2024-11-05 19:13:34.675",
"version": "1.4.0",
"product": {
"lang": "en",
"name": "Known Exploited Vulnerabilities Catalog",
"url_string": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"vendor_name": "Cybersecurity & Infrastructure Security Agency",
"version": "5.1"
}
},
"observables": [
{
"name": "osint.vulnerabilities.cve.uid",
"type_id": 18,
"value": "CVE-2019-17621"
}
],
"osint": [
{
"comment": "D-Link DIR-859 router contains a command execution vulnerability in the UPnP endpoint URL, /gena.cgi. Exploitation allows an unauthenticated remote attacker to execute system commands as root by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network.",
"confidence_id": 3,
"value": "CVE-2019-17621",
"type_id": 10,
"name": "CVE_RECORD",
"src_url": "https://cveawg.mitre.org/api/cve/CVE-2019-17621",
"vendor_name": "Mitre",
"uid": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"vulnerabilities": [
{
"desc": "The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an Unauthenticated remote attacker to execute system commands as root, by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network.",
"first_seen_time": "2019-12-30 16:09:17",
"last_seen_time": "2024-08-05 01:47:13.504",
"vendor_name": "Mitre",
"title": "CVE-2019-17621",
"is_exploit_available": true,
"exploit_last_seen_time": "2024-08-05 01:47:13.504",
"references": [
"https://www.ftc.gov/system/files/documents/cases/dlink_proposed_order_and_judgment_7-2-19.pdf",
"https://nvd.nist.gov/vuln/detail/CVE-2019-17621"
],
"cve": {
"uid": "CVE-2019-17621",
"created_time": "2019-10-16 00:00:00",
"modified_time": "2024-08-05 01:47:13.504",
"references": [
"https://www.ftc.gov/system/files/documents/cases/dlink_proposed_order_and_judgment_7-2-19.pdf",
"https://nvd.nist.gov/vuln/detail/CVE-2019-17621"
],
"cvss": []
},
"cwe": {
"uid": null,
"caption": "n/a",
"src_url": null
},
"affected_packages": [
{
"name": "n/a",
"version": "n/a",
"vendor_name": "Mitre"
}
]
}
]
}
]
},
{
"activity_id": 2,
"category_uid": 5,
"class_uid": 5021,
"severity_id": 1,
"status_id": 1,
"type_uid": 502102,
"start_time": "2020-03-05 00:00:00",
"time": "2024-11-05 19:13:34.675",
"message": "D-Link DWL-2600AP Access Point Command Injection Vulnerability",
"metadata": {
"uid": "CVE-2019-20500",
"correlation_uid": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"logged_time": "2020-03-05 14:37:00",
"original_time": "2020-03-05 00:00:00",
"processed_time": "2024-11-05 19:13:34.675",
"version": "1.4.0",
"product": {
"lang": "en",
"name": "Known Exploited Vulnerabilities Catalog",
"url_string": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"vendor_name": "Cybersecurity & Infrastructure Security Agency",
"version": "5.1"
}
},
"observables": [
{
"name": "osint.vulnerabilities.cve.uid",
"type_id": 18,
"value": "CVE-2019-20500"
}
],
"osint": [
{
"comment": "D-Link DWL-2600AP access point contains an authenticated command injection vulnerability via the Save Configuration functionality in the Web interface, using shell metacharacters in the admin.cgi?action=config_save configBackup or downloadServerip parameter.",
"confidence_id": 3,
"value": "CVE-2019-20500",
"type_id": 10,
"name": "CVE_RECORD",
"src_url": "https://cveawg.mitre.org/api/cve/CVE-2019-20500",
"vendor_name": "Mitre",
"uid": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"vulnerabilities": [
{
"desc": "D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Save Configuration functionality in the Web interface, using shell metacharacters in the admin.cgi?action=config_save configBackup or downloadServerip parameter.",
"first_seen_time": "2020-03-05 14:37:00",
"last_seen_time": "2024-08-05 02:46:08.486",
"vendor_name": "Mitre",
"title": "CVE-2019-20500",
"is_exploit_available": true,
"exploit_last_seen_time": "2024-08-05 02:46:08.486",
"references": [
"https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10113",
"https://nvd.nist.gov/vuln/detail/CVE-2019-20500"
],
"cve": {
"uid": "CVE-2019-20500",
"created_time": "2020-03-05 00:00:00",
"modified_time": "2024-08-05 02:46:08.486",
"references": [
"https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10113",
"https://nvd.nist.gov/vuln/detail/CVE-2019-20500"
],
"cvss": []
},
"cwe": {
"uid": null,
"caption": "n/a",
"src_url": null
},
"affected_packages": [
{
"name": "n/a",
"version": "n/a",
"vendor_name": "Mitre"
}
]
}
]
}
]
},
{
"activity_id": 2,
"category_uid": 5,
"class_uid": 5021,
"severity_id": 1,
"status_id": 1,
"type_uid": 502102,
"start_time": "2023-03-09 08:44:12.874",
"time": "2024-11-05 19:13:34.675",
"message": "Zyxel Multiple NAS Devices Command Injection Vulnerability",
"metadata": {
"uid": "CVE-2023-27992",
"correlation_uid": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"logged_time": "2023-06-19 11:42:41.774",
"original_time": "2023-03-09 08:44:12.874",
"processed_time": "2024-11-05 19:13:34.675",
"version": "1.4.0",
"product": {
"lang": "en",
"name": "Known Exploited Vulnerabilities Catalog",
"url_string": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"vendor_name": "Cybersecurity & Infrastructure Security Agency",
"version": "5.1"
}
},
"observables": [
{
"name": "osint.vulnerabilities.cwe.uid",
"type_id": 17,
"value": "CWE-78"
},
{
"name": "osint.vulnerabilities.cve.uid",
"type_id": 18,
"value": "CVE-2023-27992"
}
],
"osint": [
{
"comment": "Multiple Zyxel network-attached storage (NAS) devices contain a pre-authentication command injection vulnerability that could allow an unauthenticated attacker to execute commands remotely via a crafted HTTP request.",
"confidence_id": 3,
"value": "CVE-2023-27992",
"type_id": 10,
"name": "CVE_RECORD",
"src_url": "https://cveawg.mitre.org/api/cve/CVE-2023-27992",
"vendor_name": "Zyxel",
"uid": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"vulnerabilities": [
{
"desc": "The pre-authentication command injection vulnerability in the Zyxel NAS326 firmware versions prior to\u00a0V5.21(AAZF.14)C0, NAS540 firmware versions prior to\u00a0V5.21(AATB.11)C0, and NAS542\u00a0firmware versions prior to V5.21(ABAG.11)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands remotely by sending a crafted HTTP request.",
"first_seen_time": "2023-06-19 11:42:41.774",
"last_seen_time": "2024-08-02 12:23:30.801",
"vendor_name": "Zyxel",
"title": "CVE-2023-27992",
"is_exploit_available": true,
"exploit_last_seen_time": "2024-08-02 12:23:30.801",
"references": [
"https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-pre-authentication-command-injection-vulnerability-in-nas-products",
"https://nvd.nist.gov/vuln/detail/CVE-2023-27992"
],
"cve": {
"uid": "CVE-2023-27992",
"created_time": "2023-03-09 08:44:12.874",
"modified_time": "2024-08-02 12:23:30.801",
"references": [
"https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-pre-authentication-command-injection-vulnerability-in-nas-products",
"https://nvd.nist.gov/vuln/detail/CVE-2023-27992"
],
"cvss": [
{
"base_score": 9.8,
"severity": "Critical",
"src_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27992",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"vendor_name": "Zyxel",
"version": "3.1",
"metrics": [
{
"name": "Attack Vector",
"value": "Network"
},
{
"name": "Attack Complexity",
"value": "Low"
},
{
"name": "Privileges Required",
"value": "None"
},
{
"name": "User Interaction",
"value": "None"
},
{
"name": "Scope",
"value": "Unchanged"
},
{
"name": "Confidentiality",
"value": "High"
},
{
"name": "Integrity",
"value": "High"
},
{
"name": "Availability",
"value": "High"
}
]
}
]
},
"cwe": {
"uid": "CWE-78",
"caption": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')",
"src_url": "https://cwe.mitre.org/data/definitions/78.html"
},
"affected_packages": [
{
"name": "NAS326 firmware",
"version": "< V5.21(AAZF.14)C0",
"vendor_name": "Zyxel"
},
{
"name": "NAS540 firmware",
"version": "< V5.21(AATB.11)C0",
"vendor_name": "Zyxel"
},
{
"name": "NAS542 firmware",
"version": "< V5.21(ABAG.11)C0",
"vendor_name": "Zyxel"
}
]
}
]
}
]
},
{
"activity_id": 2,
"category_uid": 5,
"class_uid": 5021,
"severity_id": 1,
"status_id": 1,
"type_uid": 502102,
"start_time": "2020-05-04 00:00:00",
"time": "2024-11-05 19:13:34.675",
"message": "Roundcube Webmail Remote Code Execution Vulnerability",
"metadata": {
"uid": "CVE-2020-12641",
"correlation_uid": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"logged_time": "2020-05-04 14:58:15",
"original_time": "2020-05-04 00:00:00",
"processed_time": "2024-11-05 19:13:34.675",
"version": "1.4.0",
"product": {
"lang": "en",
"name": "Known Exploited Vulnerabilities Catalog",
"url_string": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"vendor_name": "Cybersecurity & Infrastructure Security Agency",
"version": "5.1"
}
},
"observables": [
{
"name": "osint.vulnerabilities.cve.uid",
"type_id": 18,
"value": "CVE-2020-12641"
}
],
"osint": [
{
"comment": "Roundcube Webmail contains a remote code execution vulnerability that allows attackers to execute code via shell metacharacters in a configuration setting for im_convert_path or im_identify_path.",
"confidence_id": 3,
"value": "CVE-2020-12641",
"type_id": 10,
"name": "CVE_RECORD",
"src_url": "https://cveawg.mitre.org/api/cve/CVE-2020-12641",
"vendor_name": "Mitre",
"uid": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"vulnerabilities": [
{
"desc": "rcube_image.php in Roundcube Webmail before 1.4.4 allows attackers to execute arbitrary code via shell metacharacters in a configuration setting for im_convert_path or im_identify_path.",
"first_seen_time": "2020-05-04 14:58:15",
"last_seen_time": "2024-08-04 12:04:22.319",
"vendor_name": "Mitre",
"title": "CVE-2020-12641",
"is_exploit_available": true,
"exploit_last_seen_time": "2024-08-04 12:04:22.319",
"references": [
"https://github.com/roundcube/roundcubemail/releases/tag/1.4.4",
"https://nvd.nist.gov/vuln/detail/CVE-2020-12641"
],
"cve": {
"uid": "CVE-2020-12641",
"created_time": "2020-05-04 00:00:00",
"modified_time": "2024-08-04 12:04:22.319",
"references": [
"https://github.com/roundcube/roundcubemail/releases/tag/1.4.4",
"https://nvd.nist.gov/vuln/detail/CVE-2020-12641"
],
"cvss": []
},
"cwe": {
"uid": null,
"caption": "n/a",
"src_url": null
},
"affected_packages": [
{
"name": "n/a",
"version": "n/a",
"vendor_name": "Mitre"
}
]
}
]
}
]
},
{
"activity_id": 2,
"category_uid": 5,
"class_uid": 5021,
"severity_id": 1,
"status_id": 1,
"type_uid": 502102,
"start_time": "2023-03-23 00:00:00",
"time": "2024-11-05 19:13:34.675",
"message": "Zyxel Multiple Firewalls OS Command Injection Vulnerability",
"metadata": {
"uid": "CVE-2023-28771",
"correlation_uid": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"logged_time": "2023-04-25 00:00:00",
"original_time": "2023-03-23 00:00:00",
"processed_time": "2024-11-05 19:13:34.675",
"version": "1.4.0",
"product": {
"lang": "en",
"name": "Known Exploited Vulnerabilities Catalog",
"url_string": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"vendor_name": "Cybersecurity & Infrastructure Security Agency",
"version": "5.1"
}
},
"observables": [
{
"name": "osint.vulnerabilities.cwe.uid",
"type_id": 17,
"value": "CWE-78"
},
{
"name": "osint.vulnerabilities.cve.uid",
"type_id": 18,
"value": "CVE-2023-28771"
}
],
"osint": [
{
"comment": "Zyxel ATP, USG FLEX, VPN, and ZyWALL/USG firewalls allow for improper error message handling which could allow an unauthenticated attacker to execute OS commands remotely by sending crafted packets to an affected device.",
"confidence_id": 3,
"value": "CVE-2023-28771",
"type_id": 10,
"name": "CVE_RECORD",
"src_url": "https://cveawg.mitre.org/api/cve/CVE-2023-28771",
"vendor_name": "Zyxel",
"uid": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"vulnerabilities": [
{
"desc": "Improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 through 5.35, which could allow an unauthenticated attacker to execute some OS commands remotely by sending crafted packets to an affected device.",
"first_seen_time": "2023-04-25 00:00:00",
"last_seen_time": "2024-08-02 13:51:38.311",
"vendor_name": "Zyxel",
"title": "CVE-2023-28771",
"is_exploit_available": true,
"exploit_last_seen_time": "2024-08-02 13:51:38.311",
"references": [
"https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-remote-command-injection-vulnerability-of-firewalls",
"https://nvd.nist.gov/vuln/detail/CVE-2023-28771"
],
"cve": {
"uid": "CVE-2023-28771",
"created_time": "2023-03-23 00:00:00",
"modified_time": "2024-08-02 13:51:38.311",
"references": [
"https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-remote-command-injection-vulnerability-of-firewalls",
"https://nvd.nist.gov/vuln/detail/CVE-2023-28771"
],
"cvss": []
},
"cwe": {
"uid": "CWE-78",
"caption": "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')",
"src_url": "https://cwe.mitre.org/data/definitions/78.html"
},
"affected_packages": [
{
"name": "ZyWALL/USG series firmware",
"version": "4.60 through 4.73",
"vendor_name": "Zyxel"
},
{
"name": "VPN series firmware",
"version": "4.60 through 5.35",
"vendor_name": "Zyxel"
},
{
"name": "USG FLEX series firmware",
"version": "4.60 through 5.35",
"vendor_name": "Zyxel"
},
{
"name": "ATP series firmware",
"version": "4.60 through 5.35",
"vendor_name": "Zyxel"
}
]
}
]
}
]
},
{
"activity_id": 2,
"category_uid": 5,
"class_uid": 5021,
"severity_id": 1,
"status_id": 1,
"type_uid": 502102,
"start_time": "2022-04-08 00:00:00",
"time": "2024-11-05 19:13:34.675",
"message": "Zoho ManageEngine ADSelfService Plus Remote Code Execution Vulnerability",
"metadata": {
"uid": "CVE-2022-28810",
"correlation_uid": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"logged_time": "2022-04-18 12:22:59",
"original_time": "2022-04-08 00:00:00",
"processed_time": "2024-11-05 19:13:34.675",
"version": "1.4.0",
"product": {
"lang": "en",
"name": "Known Exploited Vulnerabilities Catalog",
"url_string": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"vendor_name": "Cybersecurity & Infrastructure Security Agency",
"version": "5.1"
}
},
"observables": [
{
"name": "osint.vulnerabilities.cve.uid",
"type_id": 18,
"value": "CVE-2022-28810"
}
],
"osint": [
{
"comment": "Zoho ManageEngine ADSelfService Plus contains an unspecified vulnerability allowing for remote code execution when performing a password change or reset.",
"confidence_id": 3,
"value": "CVE-2022-28810",
"type_id": 10,
"name": "CVE_RECORD",
"src_url": "https://cveawg.mitre.org/api/cve/CVE-2022-28810",
"vendor_name": "Mitre",
"uid": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"vulnerabilities": [
{
"desc": "Zoho ManageEngine ADSelfService Plus before build 6122 allows a remote authenticated administrator to execute arbitrary operating OS commands as SYSTEM via the policy custom script feature. Due to the use of a default administrator password, attackers may be able to abuse this functionality with minimal effort. Additionally, a remote and partially authenticated attacker may be able to inject arbitrary commands into the custom script due to an unsanitized password field.",
"first_seen_time": "2022-04-18 12:22:59",
"last_seen_time": "2024-08-03 06:03:52.963",
"vendor_name": "Mitre",
"title": "CVE-2022-28810",
"is_exploit_available": true,
"exploit_last_seen_time": "2024-08-03 06:03:52.963",
"references": [
"https://www.manageengine.com/products/self-service-password/kb/cve-2022-28810.html",
"https://nvd.nist.gov/vuln/detail/CVE-2022-28810"
],
"cve": {
"uid": "CVE-2022-28810",
"created_time": "2022-04-08 00:00:00",
"modified_time": "2024-08-03 06:03:52.963",
"references": [
"https://www.manageengine.com/products/self-service-password/kb/cve-2022-28810.html",
"https://nvd.nist.gov/vuln/detail/CVE-2022-28810"
],
"cvss": []
},
"cwe": {
"uid": null,
"caption": "n/a",
"src_url": null
},
"affected_packages": [
{
"name": "n/a",
"version": "n/a",
"vendor_name": "Mitre"
}
]
}
]
}
]
},
{
"activity_id": 2,
"category_uid": 5,
"class_uid": 5021,
"severity_id": 1,
"status_id": 1,
"type_uid": 502102,
"start_time": "2022-06-17 00:00:00",
"time": "2024-11-05 19:13:34.675",
"message": "Apache Spark Command Injection Vulnerability",
"metadata": {
"uid": "CVE-2022-33891",
"correlation_uid": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"logged_time": "2022-07-18 00:00:00",
"original_time": "2022-06-17 00:00:00",
"processed_time": "2024-11-05 19:13:34.675",
"version": "1.4.0",
"product": {
"lang": "en",
"name": "Known Exploited Vulnerabilities Catalog",
"url_string": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"vendor_name": "Cybersecurity & Infrastructure Security Agency",
"version": "5.1"
}
},
"observables": [
{
"name": "osint.vulnerabilities.cwe.uid",
"type_id": 17,
"value": "CWE-78"
},
{
"name": "osint.vulnerabilities.cve.uid",
"type_id": 18,
"value": "CVE-2022-33891"
}
],
"osint": [
{
"comment": "Apache Spark contains a command injection vulnerability via Spark User Interface (UI) when Access Control Lists (ACLs) are enabled.",
"confidence_id": 3,
"value": "CVE-2022-33891",
"type_id": 10,
"name": "CVE_RECORD",
"src_url": "https://cveawg.mitre.org/api/cve/CVE-2022-33891",
"vendor_name": "Apache",
"uid": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"vulnerabilities": [
{
"desc": "The Apache Spark UI offers the possibility to enable ACLs via the configuration option spark.acls.enable. With an authentication filter, this checks whether a user has access permissions to view or modify the application. If ACLs are enabled, a code path in HttpSecurityFilter can allow someone to perform impersonation by providing an arbitrary user name. A malicious user might then be able to reach a permission check function that will ultimately build a Unix shell command based on their input, and execute it. This will result in arbitrary shell command execution as the user Spark is currently running as. This affects Apache Spark versions 3.0.3 and earlier, versions 3.1.1 to 3.1.2, and versions 3.2.0 to 3.2.1.",
"first_seen_time": "2022-07-18 00:00:00",
"last_seen_time": "2024-08-03 08:09:22.687",
"vendor_name": "Apache",
"title": "CVE-2022-33891",
"is_exploit_available": true,
"exploit_last_seen_time": "2024-08-03 08:09:22.687",
"references": [
"https://lists.apache.org/thread/p847l3kopoo5bjtmxrcwk21xp6tjxqlc",
"https://nvd.nist.gov/vuln/detail/CVE-2022-33891"
],
"cve": {
"uid": "CVE-2022-33891",
"created_time": "2022-06-17 00:00:00",
"modified_time": "2024-08-03 08:09:22.687",
"references": [
"https://lists.apache.org/thread/p847l3kopoo5bjtmxrcwk21xp6tjxqlc",
"https://nvd.nist.gov/vuln/detail/CVE-2022-33891"
],
"cvss": []
},
"cwe": {
"uid": "CWE-78",
"caption": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')",
"src_url": "https://cwe.mitre.org/data/definitions/78.html"
},
"affected_packages": [
{
"name": "Apache Spark",
"version": "3.0.3 and earlier",
"vendor_name": "Apache"
},
{
"name": "Apache Spark",
"version": "3.1.1 to 3.1.2",
"vendor_name": "Apache"
},
{
"name": "Apache Spark",
"version": "3.2.0 to 3.2.1",
"vendor_name": "Apache"
}
]
}
]
}
]
},
{
"activity_id": 2,
"category_uid": 5,
"class_uid": 5021,
"severity_id": 1,
"status_id": 1,
"type_uid": 502102,
"start_time": "2022-11-07 00:00:00",
"time": "2024-11-05 19:13:34.675",
"message": "CWP Control Web Panel OS Command Injection Vulnerability",
"metadata": {
"uid": "CVE-2022-44877",
"correlation_uid": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"logged_time": "2023-01-05 00:00:00",
"original_time": "2022-11-07 00:00:00",
"processed_time": "2024-11-05 19:13:34.675",
"version": "1.4.0",
"product": {
"lang": "en",
"name": "Known Exploited Vulnerabilities Catalog",
"url_string": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"vendor_name": "Cybersecurity & Infrastructure Security Agency",
"version": "5.1"
}
},
"observables": [
{
"name": "osint.vulnerabilities.cve.uid",
"type_id": 18,
"value": "CVE-2022-44877"
}
],
"osint": [
{
"comment": "CWP Control Web Panel (formerly CentOS Web Panel) contains an OS command injection vulnerability that allows remote attackers to execute commands via shell metacharacters in the login parameter.",
"confidence_id": 3,
"value": "CVE-2022-44877",
"type_id": 10,
"name": "CVE_RECORD",
"src_url": "https://cveawg.mitre.org/api/cve/CVE-2022-44877",
"vendor_name": "Mitre",
"uid": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"vulnerabilities": [
{
"desc": "login/index.php in CWP (aka Control Web Panel or CentOS Web Panel) 7 before 0.9.8.1147 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the login parameter.",
"first_seen_time": "2023-01-05 00:00:00",
"last_seen_time": "2024-08-03 14:01:31.364",
"vendor_name": "Mitre",
"title": "CVE-2022-44877",
"is_exploit_available": true,
"exploit_last_seen_time": "2024-08-03 14:01:31.364",
"references": [
"https://www.youtube.com/watch?v=kiLfSvc1SYY",
"https://nvd.nist.gov/vuln/detail/CVE-2022-44877"
],
"cve": {
"uid": "CVE-2022-44877",
"created_time": "2022-11-07 00:00:00",
"modified_time": "2024-08-03 14:01:31.364",
"references": [
"https://www.youtube.com/watch?v=kiLfSvc1SYY",
"https://nvd.nist.gov/vuln/detail/CVE-2022-44877"
],
"cvss": []
},
"cwe": {
"uid": null,
"caption": "n/a",
"src_url": null
},
"affected_packages": [
{
"name": "n/a",
"version": "n/a",
"vendor_name": "Mitre"
}
]
}
]
}
]
},
{
"activity_id": 2,
"category_uid": 5,
"class_uid": 5021,
"severity_id": 1,
"status_id": 1,
"type_uid": 502102,
"start_time": "2022-07-26 00:00:00",
"time": "2024-11-05 19:13:34.675",
"message": "Atlassian Bitbucket Server and Data Center Command Injection Vulnerability",
"metadata": {
"uid": "CVE-2022-36804",
"correlation_uid": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"logged_time": "2022-08-25 05:40:08.899310",
"original_time": "2022-07-26 00:00:00",
"processed_time": "2024-11-05 19:13:34.675",
"version": "1.4.0",
"product": {
"lang": "en",
"name": "Known Exploited Vulnerabilities Catalog",
"url_string": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"vendor_name": "Cybersecurity & Infrastructure Security Agency",
"version": "5.1"
}
},
"observables": [
{
"name": "osint.vulnerabilities.cve.uid",
"type_id": 18,
"value": "CVE-2022-36804"
}
],
"osint": [
{
"comment": "Multiple API endpoints of Atlassian Bitbucket Server and Data Center contain a command injection vulnerability where an attacker with access to a public Bitbucket repository, or with read permissions to a private one, can execute code by sending a malicious HTTP request.",
"confidence_id": 3,
"value": "CVE-2022-36804",
"type_id": 10,
"name": "CVE_RECORD",
"src_url": "https://cveawg.mitre.org/api/cve/CVE-2022-36804",
"vendor_name": "Atlassian",
"uid": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"vulnerabilities": [
{
"desc": "Multiple API endpoints in Atlassian Bitbucket Server and Data Center 7.0.0 before version 7.6.17, from version 7.7.0 before version 7.17.10, from version 7.18.0 before version 7.21.4, from version 8.0.0 before version 8.0.3, from version 8.1.0 before version 8.1.3, and from version 8.2.0 before version 8.2.2, and from version 8.3.0 before 8.3.1 allows remote attackers with read permissions to a public or private Bitbucket repository to execute arbitrary code by sending a malicious HTTP request. This vulnerability was reported via our Bug Bounty Program by TheGrandPew.",
"first_seen_time": "2022-08-25 05:40:08.899310",
"last_seen_time": "2024-09-16 18:14:18.941",
"vendor_name": "Atlassian",
"title": "CVE-2022-36804",
"is_exploit_available": true,
"exploit_last_seen_time": "2024-09-16 18:14:18.941",
"references": [
"https://jira.atlassian.com/browse/BSERV-13438",
"https://nvd.nist.gov/vuln/detail/CVE-2022-36804"
],
"cve": {
"uid": "CVE-2022-36804",
"created_time": "2022-07-26 00:00:00",
"modified_time": "2024-09-16 18:14:18.941",
"references": [
"https://jira.atlassian.com/browse/BSERV-13438",
"https://nvd.nist.gov/vuln/detail/CVE-2022-36804"
],
"cvss": []
},
"cwe": {
"uid": null,
"caption": "Remote Code Execution",
"src_url": null
},
"affected_packages": [
{
"name": "Bitbucket Server",
"version": "7.0.0",
"vendor_name": "Atlassian"
},
{
"name": "Bitbucket Server",
"version": "unspecified",
"vendor_name": "Atlassian"
},
{
"name": "Bitbucket Server",
"version": "7.7.0",
"vendor_name": "Atlassian"
},
{
"name": "Bitbucket Server",
"version": "unspecified",
"vendor_name": "Atlassian"
},
{
"name": "Bitbucket Server",
"version": "7.18.0",
"vendor_name": "Atlassian"
},
{
"name": "Bitbucket Server",
"version": "unspecified",
"vendor_name": "Atlassian"
},
{
"name": "Bitbucket Server",
"version": "8.0.0",
"vendor_name": "Atlassian"
},
{
"name": "Bitbucket Server",
"version": "unspecified",
"vendor_name": "Atlassian"
},
{
"name": "Bitbucket Server",
"version": "8.1.0",
"vendor_name": "Atlassian"
},
{
"name": "Bitbucket Server",
"version": "unspecified",
"vendor_name": "Atlassian"
},
{
"name": "Bitbucket Server",
"version": "8.2.0",
"vendor_name": "Atlassian"
},
{
"name": "Bitbucket Server",
"version": "unspecified",
"vendor_name": "Atlassian"
},
{
"name": "Bitbucket Server",
"version": "8.3.0",
"vendor_name": "Atlassian"
},
{
"name": "Bitbucket Server",
"version": "unspecified",
"vendor_name": "Atlassian"
},
{
"name": "Bitbucket Data Center",
"version": "7.0.0",
"vendor_name": "Atlassian"
},
{
"name": "Bitbucket Data Center",
"version": "unspecified",
"vendor_name": "Atlassian"
},
{
"name": "Bitbucket Data Center",
"version": "7.7.0",
"vendor_name": "Atlassian"
},
{
"name": "Bitbucket Data Center",
"version": "unspecified",
"vendor_name": "Atlassian"
},
{
"name": "Bitbucket Data Center",
"version": "7.18.0",
"vendor_name": "Atlassian"
},
{
"name": "Bitbucket Data Center",
"version": "unspecified",
"vendor_name": "Atlassian"
},
{
"name": "Bitbucket Data Center",
"version": "8.0.0",
"vendor_name": "Atlassian"
},
{
"name": "Bitbucket Data Center",
"version": "unspecified",
"vendor_name": "Atlassian"
},
{
"name": "Bitbucket Data Center",
"version": "8.1.0",
"vendor_name": "Atlassian"
},
{
"name": "Bitbucket Data Center",
"version": "unspecified",
"vendor_name": "Atlassian"
},
{
"name": "Bitbucket Data Center",
"version": "8.2.0",
"vendor_name": "Atlassian"
},
{
"name": "Bitbucket Data Center",
"version": "unspecified",
"vendor_name": "Atlassian"
},
{
"name": "Bitbucket Data Center",
"version": "8.3.0",
"vendor_name": "Atlassian"
},
{
"name": "Bitbucket Data Center",
"version": "unspecified",
"vendor_name": "Atlassian"
}
]
}
]
}
]
},
{
"activity_id": 2,
"category_uid": 5,
"class_uid": 5021,
"severity_id": 1,
"status_id": 1,
"type_uid": 502102,
"start_time": "2022-02-28 00:00:00",
"time": "2024-11-05 19:13:34.675",
"message": "D-Link DIR-820L Remote Code Execution Vulnerability",
"metadata": {
"uid": "CVE-2022-26258",
"correlation_uid": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"logged_time": "2022-03-27 00:00:00",
"original_time": "2022-02-28 00:00:00",
"processed_time": "2024-11-05 19:13:34.675",
"version": "1.4.0",
"product": {
"lang": "en",
"name": "Known Exploited Vulnerabilities Catalog",
"url_string": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"vendor_name": "Cybersecurity & Infrastructure Security Agency",
"version": "5.1"
}
},
"observables": [
{
"name": "osint.vulnerabilities.cve.uid",
"type_id": 18,
"value": "CVE-2022-26258"
}
],
"osint": [
{
"comment": "D-Link DIR-820L contains an unspecified vulnerability in Device Name parameter in /lan.asp which allows for remote code execution.",
"confidence_id": 3,
"value": "CVE-2022-26258",
"type_id": 10,
"name": "CVE_RECORD",
"src_url": "https://cveawg.mitre.org/api/cve/CVE-2022-26258",
"vendor_name": "Mitre",
"uid": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"vulnerabilities": [
{
"desc": "D-Link DIR-820L 1.05B03 was discovered to contain remote command execution (RCE) vulnerability via HTTP POST to get set ccp.",
"first_seen_time": "2022-03-27 00:00:00",
"last_seen_time": "2024-08-03 04:56:37.850",
"vendor_name": "Mitre",
"title": "CVE-2022-26258",
"is_exploit_available": true,
"exploit_last_seen_time": "2024-08-03 04:56:37.850",
"references": [
"http://dlink.com",
"https://nvd.nist.gov/vuln/detail/CVE-2022-26258"
],
"cve": {
"uid": "CVE-2022-26258",
"created_time": "2022-02-28 00:00:00",
"modified_time": "2024-08-03 04:56:37.850",
"references": [
"http://dlink.com",
"https://nvd.nist.gov/vuln/detail/CVE-2022-26258"
],
"cvss": []
},
"cwe": {
"uid": null,
"caption": "n/a",
"src_url": null
},
"affected_packages": [
{
"name": "n/a",
"version": "n/a",
"vendor_name": "Mitre"
}
]
}
]
}
]
},
{
"activity_id": 2,
"category_uid": 5,
"class_uid": 5021,
"severity_id": 1,
"status_id": 1,
"type_uid": 502102,
"start_time": "2018-02-02 00:00:00",
"time": "2024-11-05 19:13:34.675",
"message": "D-Link Multiple Routers OS Command Injection Vulnerability",
"metadata": {
"uid": "CVE-2018-6530",
"correlation_uid": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"logged_time": "2018-03-06 20:00:00",
"original_time": "2018-02-02 00:00:00",
"processed_time": "2024-11-05 19:13:34.675",
"version": "1.4.0",
"product": {
"lang": "en",
"name": "Known Exploited Vulnerabilities Catalog",
"url_string": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"vendor_name": "Cybersecurity & Infrastructure Security Agency",
"version": "5.1"
}
},
"observables": [
{
"name": "osint.vulnerabilities.cve.uid",
"type_id": 18,
"value": "CVE-2018-6530"
}
],
"osint": [
{
"comment": "Multiple D-Link routers contain an unspecified vulnerability that allows for execution of OS commands.",
"confidence_id": 3,
"value": "CVE-2018-6530",
"type_id": 10,
"name": "CVE_RECORD",
"src_url": "https://cveawg.mitre.org/api/cve/CVE-2018-6530",
"vendor_name": "Mitre",
"uid": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"vulnerabilities": [
{
"desc": "OS command injection vulnerability in soap.cgi (soapcgi_main in cgibin) in D-Link DIR-880L DIR-880L_REVA_FIRMWARE_PATCH_1.08B04 and previous versions, DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-65L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to execute arbitrary OS commands via the service parameter.",
"first_seen_time": "2018-03-06 20:00:00",
"last_seen_time": "2024-08-05 06:10:10.174",
"vendor_name": "Mitre",
"title": "CVE-2018-6530",
"is_exploit_available": true,
"exploit_last_seen_time": "2024-08-05 06:10:10.174",
"references": [
"ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf",
"https://nvd.nist.gov/vuln/detail/CVE-2018-6530"
],
"cve": {
"uid": "CVE-2018-6530",
"created_time": "2018-02-02 00:00:00",
"modified_time": "2024-08-05 06:10:10.174",
"references": [
"ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf",
"https://nvd.nist.gov/vuln/detail/CVE-2018-6530"
],
"cvss": []
},
"cwe": {
"uid": null,
"caption": "n/a",
"src_url": null
},
"affected_packages": [
{
"name": "n/a",
"version": "n/a",
"vendor_name": "Mitre"
}
]
}
]
}
]
},
{
"activity_id": 2,
"category_uid": 5,
"class_uid": 5021,
"severity_id": 1,
"status_id": 1,
"type_uid": 502102,
"start_time": "2018-12-07 00:00:00",
"time": "2024-11-05 19:13:34.675",
"message": "QNAP NAS File Station Command Injection Vulnerability",
"metadata": {
"uid": "CVE-2018-19949",
"correlation_uid": "2fd009eb-170a-4625-932b-17a53af1051f",
"logged_time": "2020-10-28 17:55:18",
"original_time": "2018-12-07 00:00:00",
"processed_time": "2024-11-05 19:13:34.675",
"version": "1.4.0",
"product": {
"lang": "en",
"name": "Known Exploited Vulnerabilities Catalog",
"url_string": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"vendor_name": "Cybersecurity & Infrastructure Security Agency",
"version": "5.1"
}
},
"observables": [
{
"name": "osint.vulnerabilities.cwe.uid",
"type_id": 17,
"value": "CWE-20"
},
{
"name": "osint.vulnerabilities.cve.uid",
"type_id": 18,
"value": "CVE-2018-19949"
}
],
"osint": [
{
"comment": "A command injection vulnerability affecting QNAP NAS File Station could allow remote attackers to run commands.",
"confidence_id": 3,
"value": "CVE-2018-19949",
"type_id": 10,
"name": "CVE_RECORD",
"src_url": "https://cveawg.mitre.org/api/cve/CVE-2018-19949",
"vendor_name": "Qnap",
"uid": "2fd009eb-170a-4625-932b-17a53af1051f",
"vulnerabilities": [
{
"desc": "If exploited, this command injection vulnerability could allow remote attackers to run arbitrary commands. QNAP has already fixed the issue in the following QTS versions. QTS 4.4.2.1231 on build 20200302; QTS 4.4.1.1201 on build 20200130; QTS 4.3.6.1218 on build 20200214; QTS 4.3.4.1190 on build 20200107; QTS 4.3.3.1161 on build 20200109; QTS 4.2.6 on build 20200109.",
"first_seen_time": "2020-10-28 17:55:18",
"last_seen_time": "2024-08-05 11:51:17.944",
"vendor_name": "Qnap",
"title": "CVE-2018-19949",
"is_exploit_available": true,
"exploit_last_seen_time": "2024-08-05 11:51:17.944",
"references": [
"https://www.qnap.com/zh-tw/security-advisory/qsa-20-01",
"https://nvd.nist.gov/vuln/detail/CVE-2018-19949"
],
"cve": {
"uid": "CVE-2018-19949",
"created_time": "2018-12-07 00:00:00",
"modified_time": "2024-08-05 11:51:17.944",
"references": [
"https://www.qnap.com/zh-tw/security-advisory/qsa-20-01",
"https://nvd.nist.gov/vuln/detail/CVE-2018-19949"
],
"cvss": []
},
"cwe": {
"uid": "CWE-20",
"caption": "CWE-20 Improper Input Validation",
"src_url": "https://cwe.mitre.org/data/definitions/20.html"
},
"affected_packages": [
{
"name": "QTS",
"version": "unspecified",
"vendor_name": "Qnap"
},
{
"name": "QTS",
"version": "unspecified",
"vendor_name": "Qnap"
},
{
"name": "QTS",
"version": "unspecified",
"vendor_name": "Qnap"
},
{
"name": "QTS",
"version": "unspecified",
"vendor_name": "Qnap"
},
{
"name": "QTS",
"version": "unspecified",
"vendor_name": "Qnap"
},
{
"name": "QTS",
"version": "unspecified",
"vendor_name": "Qnap"
}
]
}
]
}
]
},
{
"activity_id": 2,
"category_uid": 5,
"class_uid": 5021,
"severity_id": 1,
"status_id": 1,
"type_uid": 502102,
"start_time": "2022-05-10 00:00:00",
"time": "2024-11-05 19:13:34.675",
"message": "Zyxel Multiple Firewalls OS Command Injection Vulnerability",
"metadata": {
"uid": "CVE-2022-30525",
"correlation_uid": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"logged_time": "2022-05-12 13:05:11",
"original_time": "2022-05-10 00:00:00",
"processed_time": "2024-11-05 19:13:34.675",
"version": "1.4.0",
"product": {
"lang": "en",
"name": "Known Exploited Vulnerabilities Catalog",
"url_string": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"vendor_name": "Cybersecurity & Infrastructure Security Agency",
"version": "5.1"
}
},
"observables": [
{
"name": "osint.vulnerabilities.cwe.uid",
"type_id": 17,
"value": "CWE-78"
},
{
"name": "osint.vulnerabilities.cve.uid",
"type_id": 18,
"value": "CVE-2022-30525"
}
],
"osint": [
{
"comment": "A command injection vulnerability in the CGI program of some Zyxel firewall versions could allow an attacker to modify specific files and then execute some OS commands on a vulnerable device.",
"confidence_id": 3,
"value": "CVE-2022-30525",
"type_id": 10,
"name": "CVE_RECORD",
"src_url": "https://cveawg.mitre.org/api/cve/CVE-2022-30525",
"vendor_name": "Zyxel",
"uid": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"vulnerabilities": [
{
"desc": "A OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) firmware versions 5.00 through 5.21 Patch 1, USG FLEX 200 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 500 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 700 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 50(W) firmware versions 5.10 through 5.21 Patch 1, USG20(W)-VPN firmware versions 5.10 through 5.21 Patch 1, ATP series firmware versions 5.10 through 5.21 Patch 1, VPN series firmware versions 4.60 through 5.21 Patch 1, which could allow an attacker to modify specific files and then execute some OS commands on a vulnerable device.",
"first_seen_time": "2022-05-12 13:05:11",
"last_seen_time": "2024-08-03 06:48:36.383",
"vendor_name": "Zyxel",
"title": "CVE-2022-30525",
"is_exploit_available": true,
"exploit_last_seen_time": "2024-08-03 06:48:36.383",
"references": [
"https://www.zyxel.com/support/Zyxel-security-advisory-for-OS-command-injection-vulnerability-of-firewalls.shtml",
"https://nvd.nist.gov/vuln/detail/CVE-2022-30525"
],
"cve": {
"uid": "CVE-2022-30525",
"created_time": "2022-05-10 00:00:00",
"modified_time": "2024-08-03 06:48:36.383",
"references": [
"https://www.zyxel.com/support/Zyxel-security-advisory-for-OS-command-injection-vulnerability-of-firewalls.shtml",
"https://nvd.nist.gov/vuln/detail/CVE-2022-30525"
],
"cvss": []
},
"cwe": {
"uid": "CWE-78",
"caption": "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')",
"src_url": "https://cwe.mitre.org/data/definitions/78.html"
},
"affected_packages": [
{
"name": "USG FLEX 100(W) firmware",
"version": "5.00 through 5.21 Patch 1",
"vendor_name": "Zyxel"
},
{
"name": "USG FLEX 200 firmware",
"version": "5.00 through 5.21 Patch 1",
"vendor_name": "Zyxel"
},
{
"name": "USG FLEX 500 firmware",
"version": "5.00 through 5.21 Patch 1",
"vendor_name": "Zyxel"
},
{
"name": "USG FLEX 700 firmware",
"version": "5.00 through 5.21 Patch 1",
"vendor_name": "Zyxel"
},
{
"name": "ATP series firmware",
"version": "5.10 through 5.21 Patch 1",
"vendor_name": "Zyxel"
},
{
"name": "VPN series firmware",
"version": "4.60 through 5.21 Patch 1",
"vendor_name": "Zyxel"
},
{
"name": "USG FLEX 50(W) firmware",
"version": "5.10 through 5.21 Patch 1",
"vendor_name": "Zyxel"
},
{
"name": "USG 20(W)-VPN firmware",
"version": "5.10 through 5.21 Patch 1",
"vendor_name": "Zyxel"
}
]
}
]
}
]
},
{
"activity_id": 2,
"category_uid": 5,
"class_uid": 5021,
"severity_id": 1,
"status_id": 1,
"type_uid": 502102,
"start_time": "2019-09-06 00:00:00",
"time": "2024-11-05 19:13:34.675",
"message": "D-Link DNS-320 Remote Code Execution Vulnerability",
"metadata": {
"uid": "CVE-2019-16057",
"correlation_uid": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"logged_time": "2019-09-16 11:58:14",
"original_time": "2019-09-06 00:00:00",
"processed_time": "2024-11-05 19:13:34.675",
"version": "1.4.0",
"product": {
"lang": "en",
"name": "Known Exploited Vulnerabilities Catalog",
"url_string": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"vendor_name": "Cybersecurity & Infrastructure Security Agency",
"version": "5.1"
}
},
"observables": [
{
"name": "osint.vulnerabilities.cve.uid",
"type_id": 18,
"value": "CVE-2019-16057"
}
],
"osint": [
{
"comment": "The login_mgr.cgi script in D-Link DNS-320 is vulnerable to remote code execution.",
"confidence_id": 3,
"value": "CVE-2019-16057",
"type_id": 10,
"name": "CVE_RECORD",
"src_url": "https://cveawg.mitre.org/api/cve/CVE-2019-16057",
"vendor_name": "Mitre",
"uid": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"vulnerabilities": [
{
"desc": "The login_mgr.cgi script in D-Link DNS-320 through 2.05.B10 is vulnerable to remote command injection.",
"first_seen_time": "2019-09-16 11:58:14",
"last_seen_time": "2024-08-05 01:03:32.634",
"vendor_name": "Mitre",
"title": "CVE-2019-16057",
"is_exploit_available": true,
"exploit_last_seen_time": "2024-08-05 01:03:32.634",
"references": [
"https://www.ftc.gov/system/files/documents/cases/dlink_proposed_order_and_judgment_7-2-19.pdf",
"https://nvd.nist.gov/vuln/detail/CVE-2019-16057"
],
"cve": {
"uid": "CVE-2019-16057",
"created_time": "2019-09-06 00:00:00",
"modified_time": "2024-08-05 01:03:32.634",
"references": [
"https://www.ftc.gov/system/files/documents/cases/dlink_proposed_order_and_judgment_7-2-19.pdf",
"https://nvd.nist.gov/vuln/detail/CVE-2019-16057"
],
"cvss": []
},
"cwe": {
"uid": null,
"caption": "n/a",
"src_url": null
},
"affected_packages": [
{
"name": "n/a",
"version": "n/a",
"vendor_name": "Mitre"
}
]
}
]
}
]
},
{
"activity_id": 2,
"category_uid": 5,
"class_uid": 5021,
"severity_id": 1,
"status_id": 1,
"type_uid": 502102,
"start_time": "2019-12-09 00:00:00",
"time": "2024-11-05 19:13:34.675",
"message": "QNAP Network-Attached Storage (NAS) Command Injection Vulnerability",
"metadata": {
"uid": "CVE-2020-2509",
"correlation_uid": "2fd009eb-170a-4625-932b-17a53af1051f",
"logged_time": "2021-04-17 03:50:12.655947",
"original_time": "2019-12-09 00:00:00",
"processed_time": "2024-11-05 19:13:34.675",
"version": "1.4.0",
"product": {
"lang": "en",
"name": "Known Exploited Vulnerabilities Catalog",
"url_string": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"vendor_name": "Cybersecurity & Infrastructure Security Agency",
"version": "5.1"
}
},
"observables": [
{
"name": "osint.vulnerabilities.cwe.uid",
"type_id": 17,
"value": "CWE-77"
},
{
"name": "osint.vulnerabilities.cve.uid",
"type_id": 18,
"value": "CVE-2020-2509"
}
],
"osint": [
{
"comment": "QNAP NAS devices contain a command injection vulnerability which could allow attackers to perform remote code execution.",
"confidence_id": 3,
"value": "CVE-2020-2509",
"type_id": 10,
"name": "CVE_RECORD",
"src_url": "https://cveawg.mitre.org/api/cve/CVE-2020-2509",
"vendor_name": "Qnap",
"uid": "2fd009eb-170a-4625-932b-17a53af1051f",
"vulnerabilities": [
{
"desc": "A command injection vulnerability has been reported to affect QTS and QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application. We have already fixed this vulnerability in the following versions: QTS 4.5.2.1566 Build 20210202 and later QTS 4.5.1.1495 Build 20201123 and later QTS 4.3.6.1620 Build 20210322 and later QTS 4.3.4.1632 Build 20210324 and later QTS 4.3.3.1624 Build 20210416 and later QTS 4.2.6 Build 20210327 and later QuTS hero h4.5.1.1491 build 20201119 and later",
"first_seen_time": "2021-04-17 03:50:12.655947",
"last_seen_time": "2024-09-16 23:46:02.739",
"vendor_name": "Qnap",
"title": "CVE-2020-2509",
"is_exploit_available": true,
"exploit_last_seen_time": "2024-09-16 23:46:02.739",
"references": [
"https://www.qnap.com/en/security-advisory/qsa-21-05",
"https://nvd.nist.gov/vuln/detail/CVE-2020-2509"
],
"cve": {
"uid": "CVE-2020-2509",
"created_time": "2019-12-09 00:00:00",
"modified_time": "2024-09-16 23:46:02.739",
"references": [
"https://www.qnap.com/en/security-advisory/qsa-21-05",
"https://nvd.nist.gov/vuln/detail/CVE-2020-2509"
],
"cvss": []
},
"cwe": {
"uid": "CWE-77",
"caption": "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')",
"src_url": "https://cwe.mitre.org/data/definitions/77.html"
},
"affected_packages": [
{
"name": "QTS",
"version": "unspecified",
"vendor_name": "Qnap"
},
{
"name": "QTS",
"version": "unspecified",
"vendor_name": "Qnap"
},
{
"name": "QTS",
"version": "unspecified",
"vendor_name": "Qnap"
},
{
"name": "QTS",
"version": "unspecified",
"vendor_name": "Qnap"
},
{
"name": "QTS",
"version": "unspecified",
"vendor_name": "Qnap"
},
{
"name": "QTS",
"version": "unspecified",
"vendor_name": "Qnap"
},
{
"name": "QuTS hero",
"version": "unspecified",
"vendor_name": "Qnap"
}
]
}
]
}
]
},
{
"activity_id": 2,
"category_uid": 5,
"class_uid": 5021,
"severity_id": 1,
"status_id": 1,
"type_uid": 502102,
"start_time": "2021-12-20 00:00:00",
"time": "2024-11-05 19:13:34.675",
"message": "D-Link Multiple Routers Remote Code Execution Vulnerability",
"metadata": {
"uid": "CVE-2021-45382",
"correlation_uid": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"logged_time": "2022-02-17 20:07:46",
"original_time": "2021-12-20 00:00:00",
"processed_time": "2024-11-05 19:13:34.675",
"version": "1.4.0",
"product": {
"lang": "en",
"name": "Known Exploited Vulnerabilities Catalog",
"url_string": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"vendor_name": "Cybersecurity & Infrastructure Security Agency",
"version": "5.1"
}
},
"observables": [
{
"name": "osint.vulnerabilities.cve.uid",
"type_id": 18,
"value": "CVE-2021-45382"
}
],
"osint": [
{
"comment": "A remote code execution vulnerability exists in all series H/W revisions routers via the DDNS function in ncc2 binary file.",
"confidence_id": 3,
"value": "CVE-2021-45382",
"type_id": 10,
"name": "CVE_RECORD",
"src_url": "https://cveawg.mitre.org/api/cve/CVE-2021-45382",
"vendor_name": "Mitre",
"uid": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"vulnerabilities": [
{
"desc": "A Remote Command Execution (RCE) vulnerability exists in all series H/W revisions D-link DIR-810L, DIR-820L/LW, DIR-826L, DIR-830L, and DIR-836L routers via the DDNS function in ncc2 binary file. Note: DIR-810L, DIR-820L, DIR-830L, DIR-826L, DIR-836L, all hardware revisions, have reached their End of Life (\"EOL\") /End of Service Life (\"EOS\") Life-Cycle and as such this issue will not be patched.",
"first_seen_time": "2022-02-17 20:07:46",
"last_seen_time": "2024-08-04 04:39:20.551",
"vendor_name": "Mitre",
"title": "CVE-2021-45382",
"is_exploit_available": true,
"exploit_last_seen_time": "2024-08-04 04:39:20.551",
"references": [
"https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10264",
"https://nvd.nist.gov/vuln/detail/CVE-2021-45382"
],
"cve": {
"uid": "CVE-2021-45382",
"created_time": "2021-12-20 00:00:00",
"modified_time": "2024-08-04 04:39:20.551",
"references": [
"https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10264",
"https://nvd.nist.gov/vuln/detail/CVE-2021-45382"
],
"cvss": []
},
"cwe": {
"uid": null,
"caption": "n/a",
"src_url": null
},
"affected_packages": [
{
"name": "n/a",
"version": "n/a",
"vendor_name": "Mitre"
}
]
}
]
}
]
},
{
"activity_id": 2,
"category_uid": 5,
"class_uid": 5021,
"severity_id": 1,
"status_id": 1,
"type_uid": 502102,
"start_time": "2018-04-30 00:00:00",
"time": "2024-11-05 19:13:34.675",
"message": "Dasan GPON Routers Command Injection Vulnerability",
"metadata": {
"uid": "CVE-2018-10562",
"correlation_uid": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"logged_time": "2018-05-04 03:00:00",
"original_time": "2018-04-30 00:00:00",
"processed_time": "2024-11-05 19:13:34.675",
"version": "1.4.0",
"product": {
"lang": "en",
"name": "Known Exploited Vulnerabilities Catalog",
"url_string": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"vendor_name": "Cybersecurity & Infrastructure Security Agency",
"version": "5.1"
}
},
"observables": [
{
"name": "osint.vulnerabilities.cve.uid",
"type_id": 18,
"value": "CVE-2018-10562"
}
],
"osint": [
{
"comment": "Dasan GPON Routers contain an authentication bypass vulnerability. When combined with CVE-2018-10561, exploitation can allow an attacker to perform remote code execution.",
"confidence_id": 3,
"value": "CVE-2018-10562",
"type_id": 10,
"name": "CVE_RECORD",
"src_url": "https://cveawg.mitre.org/api/cve/CVE-2018-10562",
"vendor_name": "Mitre",
"uid": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"vulnerabilities": [
{
"desc": "An issue was discovered on Dasan GPON home routers. Command Injection can occur via the dest_host parameter in a diag_action=ping request to a GponForm/diag_Form URI. Because the router saves ping results in /tmp and transmits them to the user when the user revisits /diag.html, it's quite simple to execute commands and retrieve their output.",
"first_seen_time": "2018-05-04 03:00:00",
"last_seen_time": "2024-08-05 07:39:08.399",
"vendor_name": "Mitre",
"title": "CVE-2018-10562",
"is_exploit_available": true,
"exploit_last_seen_time": "2024-08-05 07:39:08.399",
"references": [
"http://www.securityfocus.com/bid/107053",
"https://nvd.nist.gov/vuln/detail/CVE-2018-10562"
],
"cve": {
"uid": "CVE-2018-10562",
"created_time": "2018-04-30 00:00:00",
"modified_time": "2024-08-05 07:39:08.399",
"references": [
"http://www.securityfocus.com/bid/107053",
"https://nvd.nist.gov/vuln/detail/CVE-2018-10562"
],
"cvss": []
},
"cwe": {
"uid": null,
"caption": "n/a",
"src_url": null
},
"affected_packages": [
{
"name": "n/a",
"version": "n/a",
"vendor_name": "Mitre"
}
]
}
]
}
]
},
{
"activity_id": 2,
"category_uid": 5,
"class_uid": 5021,
"severity_id": 1,
"status_id": 1,
"type_uid": 502102,
"start_time": "2020-02-24 00:00:00",
"time": "2024-11-05 19:13:34.675",
"message": "D-Link DIR-610 Devices Remote Command Execution",
"metadata": {
"uid": "CVE-2020-9377",
"correlation_uid": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"logged_time": "2020-07-09 12:06:48",
"original_time": "2020-02-24 00:00:00",
"processed_time": "2024-11-05 19:13:34.675",
"version": "1.4.0",
"product": {
"lang": "en",
"name": "Known Exploited Vulnerabilities Catalog",
"url_string": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"vendor_name": "Cybersecurity & Infrastructure Security Agency",
"version": "5.1"
}
},
"observables": [
{
"name": "osint.vulnerabilities.cve.uid",
"type_id": 18,
"value": "CVE-2020-9377"
}
],
"osint": [
{
"comment": "D-Link DIR-610 devices allow remote code execution via the cmd parameter to command.php.",
"confidence_id": 3,
"value": "CVE-2020-9377",
"type_id": 10,
"name": "CVE_RECORD",
"src_url": "https://cveawg.mitre.org/api/cve/CVE-2020-9377",
"vendor_name": "Mitre",
"uid": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"vulnerabilities": [
{
"desc": "D-Link DIR-610 devices allow Remote Command Execution via the cmd parameter to command.php. NOTE: This vulnerability only affects products that are no longer supported by the maintainer",
"first_seen_time": "2020-07-09 12:06:48",
"last_seen_time": "2024-08-04 10:26:16.104",
"vendor_name": "Mitre",
"title": "CVE-2020-9377",
"is_exploit_available": true,
"exploit_last_seen_time": "2024-08-04 10:26:16.104",
"references": [
"https://www.dlink.com.br/produto/dir-610/",
"https://nvd.nist.gov/vuln/detail/CVE-2020-9377"
],
"cve": {
"uid": "CVE-2020-9377",
"created_time": "2020-02-24 00:00:00",
"modified_time": "2024-08-04 10:26:16.104",
"references": [
"https://www.dlink.com.br/produto/dir-610/",
"https://nvd.nist.gov/vuln/detail/CVE-2020-9377"
],
"cvss": []
},
"cwe": {
"uid": null,
"caption": "n/a",
"src_url": null
},
"affected_packages": [
{
"name": "n/a",
"version": "n/a",
"vendor_name": "Mitre"
}
]
}
]
}
]
},
{
"activity_id": 2,
"category_uid": 5,
"class_uid": 5021,
"severity_id": 1,
"status_id": 1,
"type_uid": 502102,
"start_time": "2020-02-18 00:00:00",
"time": "2024-11-05 19:13:34.675",
"message": "Zyxel Multiple NAS Devices OS Command Injection Vulnerability",
"metadata": {
"uid": "CVE-2020-9054",
"correlation_uid": "37e5125f-f79b-445b-8fad-9564f167944b",
"logged_time": "2020-03-04 19:30:18.400802",
"original_time": "2020-02-18 00:00:00",
"processed_time": "2024-11-05 19:13:34.675",
"version": "1.4.0",
"product": {
"lang": "en",
"name": "Known Exploited Vulnerabilities Catalog",
"url_string": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"vendor_name": "Cybersecurity & Infrastructure Security Agency",
"version": "5.1"
}
},
"observables": [
{
"name": "osint.vulnerabilities.cwe.uid",
"type_id": 17,
"value": "CWE-78"
},
{
"name": "osint.vulnerabilities.cve.uid",
"type_id": 18,
"value": "CVE-2020-9054"
}
],
"osint": [
{
"comment": "Multiple Zyxel network-attached storage (NAS) devices contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code.",
"confidence_id": 3,
"value": "CVE-2020-9054",
"type_id": 10,
"name": "CVE_RECORD",
"src_url": "https://cveawg.mitre.org/api/cve/CVE-2020-9054",
"vendor_name": "Certcc",
"uid": "37e5125f-f79b-445b-8fad-9564f167944b",
"vulnerabilities": [
{
"desc": "Multiple ZyXEL network-attached storage (NAS) devices running firmware version 5.21 contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable device. ZyXEL NAS devices achieve authentication by using the weblogin.cgi CGI executable. This program fails to properly sanitize the username parameter that is passed to it. If the username parameter contains certain characters, it can allow command injection with the privileges of the web server that runs on the ZyXEL device. Although the web server does not run as the root user, ZyXEL devices include a setuid utility that can be leveraged to run any command with root privileges. As such, it should be assumed that exploitation of this vulnerability can lead to remote code execution with root privileges. By sending a specially-crafted HTTP POST or GET request to a vulnerable ZyXEL device, a remote, unauthenticated attacker may be able to execute arbitrary code on the device. This may happen by directly connecting to a device if it is directly exposed to an attacker. However, there are ways to trigger such crafted requests even if an attacker does not have direct connectivity to a vulnerable devices. For example, simply visiting a website can result in the compromise of any ZyXEL device that is reachable from the client system. Affected products include: NAS326 before firmware V5.21(AAZF.7)C0 NAS520 before firmware V5.21(AASZ.3)C0 NAS540 before firmware V5.21(AATB.4)C0 NAS542 before firmware V5.21(ABAG.4)C0 ZyXEL has made firmware updates available for NAS326, NAS520, NAS540, and NAS542 devices. Affected models that are end-of-support: NSA210, NSA220, NSA220+, NSA221, NSA310, NSA310S, NSA320, NSA320S, NSA325 and NSA325v2",
"first_seen_time": "2020-03-04 19:30:18.400802",
"last_seen_time": "2024-09-16 17:14:38.648",
"vendor_name": "Certcc",
"title": "CVE-2020-9054",
"is_exploit_available": true,
"exploit_last_seen_time": "2024-09-16 17:14:38.648",
"references": [
"https://cwe.mitre.org/data/definitions/78.html",
"https://nvd.nist.gov/vuln/detail/CVE-2020-9054"
],
"cve": {
"uid": "CVE-2020-9054",
"created_time": "2020-02-18 00:00:00",
"modified_time": "2024-09-16 17:14:38.648",
"references": [
"https://cwe.mitre.org/data/definitions/78.html",
"https://nvd.nist.gov/vuln/detail/CVE-2020-9054"
],
"cvss": []
},
"cwe": {
"uid": "CWE-78",
"caption": "CWE-78 OS Command Injection",
"src_url": "https://cwe.mitre.org/data/definitions/78.html"
},
"affected_packages": [
{
"name": "NAS326",
"version": "V5.21(AAZF.7)C0",
"vendor_name": "Certcc"
},
{
"name": "NAS520",
"version": "V5.21(AASZ.3)C0",
"vendor_name": "Certcc"
},
{
"name": "NAS540",
"version": "V5.21(AATB.4)C0",
"vendor_name": "Certcc"
},
{
"name": "NAS542",
"version": "V5.21(ABAG.4)C0",
"vendor_name": "Certcc"
},
{
"name": "NSA210",
"version": "all",
"vendor_name": "Certcc"
},
{
"name": "NSA220",
"version": "all",
"vendor_name": "Certcc"
},
{
"name": "NSA220+",
"version": "all",
"vendor_name": "Certcc"
},
{
"name": "NSA221",
"version": "all",
"vendor_name": "Certcc"
},
{
"name": "NSA310",
"version": "V4.75(AALH.2)C0",
"vendor_name": "Certcc"
},
{
"name": "NSA320",
"version": "all",
"vendor_name": "Certcc"
},
{
"name": "NSA320S",
"version": "V4.75(AANV.2)C0",
"vendor_name": "Certcc"
},
{
"name": "NSA325",
"version": "V4.81(AAAJ.1)C0",
"vendor_name": "Certcc"
},
{
"name": "NSA325v2",
"version": "V4.81(AALS.1)C0",
"vendor_name": "Certcc"
}
]
}
]
}
]
},
{
"activity_id": 2,
"category_uid": 5,
"class_uid": 5021,
"severity_id": 1,
"status_id": 1,
"type_uid": 502102,
"start_time": "2020-01-20 00:00:00",
"time": "2024-11-05 19:13:34.675",
"message": "OpenSMTPD Remote Code Execution Vulnerability",
"metadata": {
"uid": "CVE-2020-7247",
"correlation_uid": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"logged_time": "2020-01-29 15:53:18",
"original_time": "2020-01-20 00:00:00",
"processed_time": "2024-11-05 19:13:34.675",
"version": "1.4.0",
"product": {
"lang": "en",
"name": "Known Exploited Vulnerabilities Catalog",
"url_string": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"vendor_name": "Cybersecurity & Infrastructure Security Agency",
"version": "5.1"
}
},
"observables": [
{
"name": "osint.vulnerabilities.cve.uid",
"type_id": 18,
"value": "CVE-2020-7247"
}
],
"osint": [
{
"comment": "smtp_mailaddr in smtp_session.c in OpenSMTPD, as used in OpenBSD and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session.",
"confidence_id": 3,
"value": "CVE-2020-7247",
"type_id": 10,
"name": "CVE_RECORD",
"src_url": "https://cveawg.mitre.org/api/cve/CVE-2020-7247",
"vendor_name": "Mitre",
"uid": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"vulnerabilities": [
{
"desc": "smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the \"uncommented\" default configuration. The issue exists because of an incorrect return value upon failure of input validation.",
"first_seen_time": "2020-01-29 15:53:18",
"last_seen_time": "2024-08-04 09:25:48.402",
"vendor_name": "Mitre",
"title": "CVE-2020-7247",
"is_exploit_available": true,
"exploit_last_seen_time": "2024-08-04 09:25:48.402",
"references": [
"https://www.openbsd.org/security.html",
"https://nvd.nist.gov/vuln/detail/CVE-2020-7247"
],
"cve": {
"uid": "CVE-2020-7247",
"created_time": "2020-01-20 00:00:00",
"modified_time": "2024-08-04 09:25:48.402",
"references": [
"https://www.openbsd.org/security.html",
"https://nvd.nist.gov/vuln/detail/CVE-2020-7247"
],
"cvss": []
},
"cwe": {
"uid": null,
"caption": "n/a",
"src_url": null
},
"affected_packages": [
{
"name": "n/a",
"version": "n/a",
"vendor_name": "Mitre"
}
]
}
]
}
]
},
{
"activity_id": 2,
"category_uid": 5,
"class_uid": 5021,
"severity_id": 1,
"status_id": 1,
"type_uid": 502102,
"start_time": "2020-09-10 00:00:00",
"time": "2024-11-05 19:13:34.675",
"message": "Sophos SG UTM Remote Code Execution Vulnerability",
"metadata": {
"uid": "CVE-2020-25223",
"correlation_uid": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"logged_time": "2020-09-25 00:00:00",
"original_time": "2020-09-10 00:00:00",
"processed_time": "2024-11-05 19:13:34.675",
"version": "1.4.0",
"product": {
"lang": "en",
"name": "Known Exploited Vulnerabilities Catalog",
"url_string": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"vendor_name": "Cybersecurity & Infrastructure Security Agency",
"version": "5.1"
}
},
"observables": [
{
"name": "osint.vulnerabilities.cve.uid",
"type_id": 18,
"value": "CVE-2020-25223"
}
],
"osint": [
{
"comment": "A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM.",
"confidence_id": 3,
"value": "CVE-2020-25223",
"type_id": 10,
"name": "CVE_RECORD",
"src_url": "https://cveawg.mitre.org/api/cve/CVE-2020-25223",
"vendor_name": "Mitre",
"uid": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"vulnerabilities": [
{
"desc": "A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v9.705 MR5, v9.607 MR7, and v9.511 MR11",
"first_seen_time": "2020-09-25 00:00:00",
"last_seen_time": "2024-08-04 15:33:05.408",
"vendor_name": "Mitre",
"title": "CVE-2020-25223",
"is_exploit_available": true,
"exploit_last_seen_time": "2024-08-04 15:33:05.408",
"references": [
"https://cwe.mitre.org/data/definitions/78.html",
"https://nvd.nist.gov/vuln/detail/CVE-2020-25223"
],
"cve": {
"uid": "CVE-2020-25223",
"created_time": "2020-09-10 00:00:00",
"modified_time": "2024-08-04 15:33:05.408",
"references": [
"https://cwe.mitre.org/data/definitions/78.html",
"https://nvd.nist.gov/vuln/detail/CVE-2020-25223"
],
"cvss": []
},
"cwe": {
"uid": null,
"caption": "n/a",
"src_url": null
},
"affected_packages": [
{
"name": "n/a",
"version": "n/a",
"vendor_name": "Mitre"
}
]
}
]
}
]
},
{
"activity_id": 2,
"category_uid": 5,
"class_uid": 5021,
"severity_id": 1,
"status_id": 1,
"type_uid": 502102,
"start_time": "2019-12-02 00:00:00",
"time": "2024-11-05 19:13:34.675",
"message": "Apache Kylin OS Command Injection Vulnerability",
"metadata": {
"uid": "CVE-2020-1956",
"correlation_uid": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"logged_time": "2020-05-22 13:27:43",
"original_time": "2019-12-02 00:00:00",
"processed_time": "2024-11-05 19:13:34.675",
"version": "1.4.0",
"product": {
"lang": "en",
"name": "Known Exploited Vulnerabilities Catalog",
"url_string": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"vendor_name": "Cybersecurity & Infrastructure Security Agency",
"version": "5.1"
}
},
"observables": [
{
"name": "osint.vulnerabilities.cve.uid",
"type_id": 18,
"value": "CVE-2020-1956"
}
],
"osint": [
{
"comment": "Apache Kylin contains an OS command injection vulnerability which could permit an attacker to perform remote code execution.",
"confidence_id": 3,
"value": "CVE-2020-1956",
"type_id": 10,
"name": "CVE_RECORD",
"src_url": "https://cveawg.mitre.org/api/cve/CVE-2020-1956",
"vendor_name": "Apache",
"uid": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"vulnerabilities": [
{
"desc": "Apache Kylin 2.3.0, and releases up to 2.6.5 and 3.0.1 has some restful apis which will concatenate os command with the user input string, a user is likely to be able to execute any os command without any protection or validation.",
"first_seen_time": "2020-05-22 13:27:43",
"last_seen_time": "2024-08-04 06:54:00.299",
"vendor_name": "Apache",
"title": "CVE-2020-1956",
"is_exploit_available": true,
"exploit_last_seen_time": "2024-08-04 06:54:00.299",
"references": [
"https://lists.apache.org/thread.html/r1332ef34cf8e2c0589cf44ad269fb1fb4c06addec6297f0320f5111d%40%3Cuser.kylin.apache.org%3E",
"https://nvd.nist.gov/vuln/detail/CVE-2020-1956"
],
"cve": {
"uid": "CVE-2020-1956",
"created_time": "2019-12-02 00:00:00",
"modified_time": "2024-08-04 06:54:00.299",
"references": [
"https://lists.apache.org/thread.html/r1332ef34cf8e2c0589cf44ad269fb1fb4c06addec6297f0320f5111d%40%3Cuser.kylin.apache.org%3E",
"https://nvd.nist.gov/vuln/detail/CVE-2020-1956"
],
"cvss": []
},
"cwe": {
"uid": null,
"caption": "Command Injection",
"src_url": null
},
"affected_packages": [
{
"name": "Kylin",
"version": "2.3.0",
"vendor_name": "Apache"
},
{
"name": "Kylin",
"version": "<=2.6.5",
"vendor_name": "Apache"
},
{
"name": "Kylin",
"version": "<=3.0.1",
"vendor_name": "Apache"
}
]
}
]
}
]
},
{
"activity_id": 2,
"category_uid": 5,
"class_uid": 5021,
"severity_id": 1,
"status_id": 1,
"type_uid": 502102,
"start_time": "2019-09-27 00:00:00",
"time": "2024-11-05 19:13:34.675",
"message": "D-Link Multiple Routers Command Injection Vulnerability",
"metadata": {
"uid": "CVE-2019-16920",
"correlation_uid": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"logged_time": "2019-09-27 11:34:12",
"original_time": "2019-09-27 00:00:00",
"processed_time": "2024-11-05 19:13:34.675",
"version": "1.4.0",
"product": {
"lang": "en",
"name": "Known Exploited Vulnerabilities Catalog",
"url_string": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"vendor_name": "Cybersecurity & Infrastructure Security Agency",
"version": "5.1"
}
},
"observables": [
{
"name": "osint.vulnerabilities.cve.uid",
"type_id": 18,
"value": "CVE-2019-16920"
}
],
"osint": [
{
"comment": "Multiple D-Link routers contain a command injection vulnerability which can allow attackers to achieve full system compromise.",
"confidence_id": 3,
"value": "CVE-2019-16920",
"type_id": 10,
"name": "CVE_RECORD",
"src_url": "https://cveawg.mitre.org/api/cve/CVE-2019-16920",
"vendor_name": "Mitre",
"uid": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"vulnerabilities": [
{
"desc": "Unauthenticated remote code execution occurs in D-Link products such as DIR-655C, DIR-866L, DIR-652, and DHP-1565. The issue occurs when the attacker sends an arbitrary input to a \"PingTest\" device common gateway interface that could lead to common injection. An attacker who successfully triggers the command injection could achieve full system compromise. Later, it was independently found that these are also affected: DIR-855L, DAP-1533, DIR-862L, DIR-615, DIR-835, and DIR-825.",
"first_seen_time": "2019-09-27 11:34:12",
"last_seen_time": "2024-08-05 01:24:48.593",
"vendor_name": "Mitre",
"title": "CVE-2019-16920",
"is_exploit_available": true,
"exploit_last_seen_time": "2024-08-05 01:24:48.593",
"references": [
"https://fortiguard.com/zeroday/FG-VD-19-117",
"https://nvd.nist.gov/vuln/detail/CVE-2019-16920"
],
"cve": {
"uid": "CVE-2019-16920",
"created_time": "2019-09-27 00:00:00",
"modified_time": "2024-08-05 01:24:48.593",
"references": [
"https://fortiguard.com/zeroday/FG-VD-19-117",
"https://nvd.nist.gov/vuln/detail/CVE-2019-16920"
],
"cvss": []
},
"cwe": {
"uid": null,
"caption": "n/a",
"src_url": null
},
"affected_packages": [
{
"name": "n/a",
"version": "n/a",
"vendor_name": "Mitre"
}
]
}
]
}
]
},
{
"activity_id": 2,
"category_uid": 5,
"class_uid": 5021,
"severity_id": 1,
"status_id": 1,
"type_uid": 502102,
"start_time": "2019-08-15 00:00:00",
"time": "2024-11-05 19:13:34.675",
"message": "Webmin Command Injection Vulnerability",
"metadata": {
"uid": "CVE-2019-15107",
"correlation_uid": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"logged_time": "2019-08-16 02:44:04",
"original_time": "2019-08-15 00:00:00",
"processed_time": "2024-11-05 19:13:34.675",
"version": "1.4.0",
"product": {
"lang": "en",
"name": "Known Exploited Vulnerabilities Catalog",
"url_string": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"vendor_name": "Cybersecurity & Infrastructure Security Agency",
"version": "5.1"
}
},
"observables": [
{
"name": "osint.vulnerabilities.cve.uid",
"type_id": 18,
"value": "CVE-2019-15107"
}
],
"osint": [
{
"comment": "An issue was discovered in Webmin. The parameter old in password_change.cgi contains a command injection vulnerability.",
"confidence_id": 3,
"value": "CVE-2019-15107",
"type_id": 10,
"name": "CVE_RECORD",
"src_url": "https://cveawg.mitre.org/api/cve/CVE-2019-15107",
"vendor_name": "Mitre",
"uid": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"vulnerabilities": [
{
"desc": "An issue was discovered in Webmin <=1.920. The parameter old in password_change.cgi contains a command injection vulnerability.",
"first_seen_time": "2019-08-16 02:44:04",
"last_seen_time": "2024-08-05 00:34:53.279",
"vendor_name": "Mitre",
"title": "CVE-2019-15107",
"is_exploit_available": true,
"exploit_last_seen_time": "2024-08-05 00:34:53.279",
"references": [
"http://www.webmin.com/security.html",
"https://nvd.nist.gov/vuln/detail/CVE-2019-15107"
],
"cve": {
"uid": "CVE-2019-15107",
"created_time": "2019-08-15 00:00:00",
"modified_time": "2024-08-05 00:34:53.279",
"references": [
"http://www.webmin.com/security.html",
"https://nvd.nist.gov/vuln/detail/CVE-2019-15107"
],
"cvss": []
},
"cwe": {
"uid": null,
"caption": "n/a",
"src_url": null
},
"affected_packages": [
{
"name": "n/a",
"version": "n/a",
"vendor_name": "Mitre"
}
]
}
]
}
]
},
{
"activity_id": 2,
"category_uid": 5,
"class_uid": 5021,
"severity_id": 1,
"status_id": 1,
"type_uid": 502102,
"start_time": "2019-06-26 00:00:00",
"time": "2024-11-05 19:13:34.675",
"message": "Citrix SD-WAN and NetScaler Command Injection Vulnerability",
"metadata": {
"uid": "CVE-2019-12991",
"correlation_uid": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"logged_time": "2019-07-16 17:16:38",
"original_time": "2019-06-26 00:00:00",
"processed_time": "2024-11-05 19:13:34.675",
"version": "1.4.0",
"product": {
"lang": "en",
"name": "Known Exploited Vulnerabilities Catalog",
"url_string": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"vendor_name": "Cybersecurity & Infrastructure Security Agency",
"version": "5.1"
}
},
"observables": [
{
"name": "osint.vulnerabilities.cve.uid",
"type_id": 18,
"value": "CVE-2019-12991"
}
],
"osint": [
{
"comment": "Authenticated Command Injection in Citrix SD-WAN Appliance and NetScaler SD-WAN Appliance.",
"confidence_id": 3,
"value": "CVE-2019-12991",
"type_id": 10,
"name": "CVE_RECORD",
"src_url": "https://cveawg.mitre.org/api/cve/CVE-2019-12991",
"vendor_name": "Mitre",
"uid": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"vulnerabilities": [
{
"desc": "Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 5 of 6).",
"first_seen_time": "2019-07-16 17:16:38",
"last_seen_time": "2024-08-04 23:41:09.087",
"vendor_name": "Mitre",
"title": "CVE-2019-12991",
"is_exploit_available": true,
"exploit_last_seen_time": "2024-08-04 23:41:09.087",
"references": [
"https://www.tenable.com/security/research/tra-2019-32",
"https://nvd.nist.gov/vuln/detail/CVE-2019-12991"
],
"cve": {
"uid": "CVE-2019-12991",
"created_time": "2019-06-26 00:00:00",
"modified_time": "2024-08-04 23:41:09.087",
"references": [
"https://www.tenable.com/security/research/tra-2019-32",
"https://nvd.nist.gov/vuln/detail/CVE-2019-12991"
],
"cvss": []
},
"cwe": {
"uid": null,
"caption": "n/a",
"src_url": null
},
"affected_packages": [
{
"name": "n/a",
"version": "n/a",
"vendor_name": "Mitre"
}
]
}
]
}
]
},
{
"activity_id": 2,
"category_uid": 5,
"class_uid": 5021,
"severity_id": 1,
"status_id": 1,
"type_uid": 502102,
"start_time": "2018-02-14 00:00:00",
"time": "2024-11-05 19:13:34.675",
"message": "VMware SD-WAN Edge by VeloCloud Command Injection Vulnerability",
"metadata": {
"uid": "CVE-2018-6961",
"correlation_uid": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"logged_time": "2018-06-11 22:00:00",
"original_time": "2018-02-14 00:00:00",
"processed_time": "2024-11-05 19:13:34.675",
"version": "1.4.0",
"product": {
"lang": "en",
"name": "Known Exploited Vulnerabilities Catalog",
"url_string": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"vendor_name": "Cybersecurity & Infrastructure Security Agency",
"version": "5.1"
}
},
"observables": [
{
"name": "osint.vulnerabilities.cve.uid",
"type_id": 18,
"value": "CVE-2018-6961"
}
],
"osint": [
{
"comment": "VMware SD-WAN Edge by VeloCloud contains a command injection vulnerability in the local web UI component. Successful exploitation of this issue could result in remote code execution.",
"confidence_id": 3,
"value": "CVE-2018-6961",
"type_id": 10,
"name": "CVE_RECORD",
"src_url": "https://cveawg.mitre.org/api/cve/CVE-2018-6961",
"vendor_name": "Vmware",
"uid": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"vulnerabilities": [
{
"desc": "VMware NSX SD-WAN Edge by VeloCloud prior to version 3.1.0 contains a command injection vulnerability in the local web UI component. This component is disabled by default and should not be enabled on untrusted networks. VeloCloud by VMware will be removing this service from the product in future releases. Successful exploitation of this issue could result in remote code execution.",
"first_seen_time": "2018-06-11 22:00:00",
"last_seen_time": "2024-09-17 01:36:00.106",
"vendor_name": "Vmware",
"title": "CVE-2018-6961",
"is_exploit_available": true,
"exploit_last_seen_time": "2024-09-17 01:36:00.106",
"references": [
"http://www.securityfocus.com/bid/104185",
"https://nvd.nist.gov/vuln/detail/CVE-2018-6961"
],
"cve": {
"uid": "CVE-2018-6961",
"created_time": "2018-02-14 00:00:00",
"modified_time": "2024-09-17 01:36:00.106",
"references": [
"http://www.securityfocus.com/bid/104185",
"https://nvd.nist.gov/vuln/detail/CVE-2018-6961"
],
"cvss": []
},
"cwe": {
"uid": null,
"caption": "Command Injection",
"src_url": null
},
"affected_packages": [
{
"name": "NSX SD-WAN by VeloCloud",
"version": "prior to version 3.1.0",
"vendor_name": "Vmware"
}
]
}
]
}
]
},
{
"activity_id": 2,
"category_uid": 5,
"class_uid": 5021,
"severity_id": 1,
"status_id": 1,
"type_uid": 502102,
"start_time": "2018-08-01 00:00:00",
"time": "2024-11-05 19:13:34.675",
"message": "LG N1A1 NAS Remote Command Execution Vulnerability",
"metadata": {
"uid": "CVE-2018-14839",
"correlation_uid": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"logged_time": "2019-05-14 20:01:16",
"original_time": "2018-08-01 00:00:00",
"processed_time": "2024-11-05 19:13:34.675",
"version": "1.4.0",
"product": {
"lang": "en",
"name": "Known Exploited Vulnerabilities Catalog",
"url_string": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"vendor_name": "Cybersecurity & Infrastructure Security Agency",
"version": "5.1"
}
},
"observables": [
{
"name": "osint.vulnerabilities.cve.uid",
"type_id": 18,
"value": "CVE-2018-14839"
}
],
"osint": [
{
"comment": "LG N1A1 NAS 3718.510 is affected by a remote code execution vulnerability.",
"confidence_id": 3,
"value": "CVE-2018-14839",
"type_id": 10,
"name": "CVE_RECORD",
"src_url": "https://cveawg.mitre.org/api/cve/CVE-2018-14839",
"vendor_name": "Mitre",
"uid": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"vulnerabilities": [
{
"desc": "LG N1A1 NAS 3718.510 is affected by: Remote Command Execution. The impact is: execute arbitrary code (remote). The attack vector is: HTTP POST with parameters.",
"first_seen_time": "2019-05-14 20:01:16",
"last_seen_time": "2024-08-05 09:38:14.007",
"vendor_name": "Mitre",
"title": "CVE-2018-14839",
"is_exploit_available": true,
"exploit_last_seen_time": "2024-08-05 09:38:14.007",
"references": [
"https://medium.com/%400x616163/lg-n1a1-unauthenticated-remote-command-injection-cve-2018-14839-9d2cf760e247",
"https://nvd.nist.gov/vuln/detail/CVE-2018-14839"
],
"cve": {
"uid": "CVE-2018-14839",
"created_time": "2018-08-01 00:00:00",
"modified_time": "2024-08-05 09:38:14.007",
"references": [
"https://medium.com/%400x616163/lg-n1a1-unauthenticated-remote-command-injection-cve-2018-14839-9d2cf760e247",
"https://nvd.nist.gov/vuln/detail/CVE-2018-14839"
],
"cvss": []
},
"cwe": {
"uid": null,
"caption": "n/a",
"src_url": null
},
"affected_packages": [
{
"name": "n/a",
"version": "n/a",
"vendor_name": "Mitre"
}
]
}
]
}
]
},
{
"activity_id": 2,
"category_uid": 5,
"class_uid": 5021,
"severity_id": 1,
"status_id": 1,
"type_uid": 502102,
"start_time": "2018-05-15 00:00:00",
"time": "2024-11-05 19:13:34.675",
"message": "Quest KACE System Management Appliance Remote Command Execution Vulnerability",
"metadata": {
"uid": "CVE-2018-11138",
"correlation_uid": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"logged_time": "2018-05-31 18:00:00",
"original_time": "2018-05-15 00:00:00",
"processed_time": "2024-11-05 19:13:34.675",
"version": "1.4.0",
"product": {
"lang": "en",
"name": "Known Exploited Vulnerabilities Catalog",
"url_string": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"vendor_name": "Cybersecurity & Infrastructure Security Agency",
"version": "5.1"
}
},
"observables": [
{
"name": "osint.vulnerabilities.cve.uid",
"type_id": 18,
"value": "CVE-2018-11138"
}
],
"osint": [
{
"comment": "The '/common/download_agent_installer.php' script in the Quest KACE System Management Appliance is accessible by anonymous users and can be abused to perform remote code execution.",
"confidence_id": 3,
"value": "CVE-2018-11138",
"type_id": 10,
"name": "CVE_RECORD",
"src_url": "https://cveawg.mitre.org/api/cve/CVE-2018-11138",
"vendor_name": "Mitre",
"uid": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"vulnerabilities": [
{
"desc": "The '/common/download_agent_installer.php' script in the Quest KACE System Management Appliance 8.0.318 is accessible by anonymous users and can be abused to execute arbitrary commands on the system.",
"first_seen_time": "2018-05-31 18:00:00",
"last_seen_time": "2024-08-05 08:01:51.172",
"vendor_name": "Mitre",
"title": "CVE-2018-11138",
"is_exploit_available": true,
"exploit_last_seen_time": "2024-08-05 08:01:51.172",
"references": [
"https://www.exploit-db.com/exploits/44950/",
"https://nvd.nist.gov/vuln/detail/CVE-2018-11138"
],
"cve": {
"uid": "CVE-2018-11138",
"created_time": "2018-05-15 00:00:00",
"modified_time": "2024-08-05 08:01:51.172",
"references": [
"https://www.exploit-db.com/exploits/44950/",
"https://nvd.nist.gov/vuln/detail/CVE-2018-11138"
],
"cvss": []
},
"cwe": {
"uid": null,
"caption": "n/a",
"src_url": null
},
"affected_packages": [
{
"name": "n/a",
"version": "n/a",
"vendor_name": "Mitre"
}
]
}
]
}
]
},
{
"activity_id": 2,
"category_uid": 5,
"class_uid": 5021,
"severity_id": 1,
"status_id": 1,
"type_uid": 502102,
"start_time": "2017-02-26 00:00:00",
"time": "2024-11-05 19:13:34.675",
"message": "NETGEAR DGN2200 Devices OS Command Injection Vulnerability",
"metadata": {
"uid": "CVE-2017-6334",
"correlation_uid": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"logged_time": "2017-03-06 02:00:00",
"original_time": "2017-02-26 00:00:00",
"processed_time": "2024-11-05 19:13:34.675",
"version": "1.4.0",
"product": {
"lang": "en",
"name": "Known Exploited Vulnerabilities Catalog",
"url_string": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"vendor_name": "Cybersecurity & Infrastructure Security Agency",
"version": "5.1"
}
},
"observables": [
{
"name": "osint.vulnerabilities.cve.uid",
"type_id": 18,
"value": "CVE-2017-6334"
}
],
"osint": [
{
"comment": "dnslookup.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands",
"confidence_id": 3,
"value": "CVE-2017-6334",
"type_id": 10,
"name": "CVE_RECORD",
"src_url": "https://cveawg.mitre.org/api/cve/CVE-2017-6334",
"vendor_name": "Mitre",
"uid": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"vulnerabilities": [
{
"desc": "dnslookup.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the host_name field of an HTTP POST request, a different vulnerability than CVE-2017-6077.",
"first_seen_time": "2017-03-06 02:00:00",
"last_seen_time": "2024-08-05 15:25:49.088",
"vendor_name": "Mitre",
"title": "CVE-2017-6334",
"is_exploit_available": true,
"exploit_last_seen_time": "2024-08-05 15:25:49.088",
"references": [
"http://www.securityfocus.com/bid/96463",
"https://nvd.nist.gov/vuln/detail/CVE-2017-6334"
],
"cve": {
"uid": "CVE-2017-6334",
"created_time": "2017-02-26 00:00:00",
"modified_time": "2024-08-05 15:25:49.088",
"references": [
"http://www.securityfocus.com/bid/96463",
"https://nvd.nist.gov/vuln/detail/CVE-2017-6334"
],
"cvss": []
},
"cwe": {
"uid": null,
"caption": "n/a",
"src_url": null
},
"affected_packages": [
{
"name": "n/a",
"version": "n/a",
"vendor_name": "Mitre"
}
]
}
]
}
]
},
{
"activity_id": 2,
"category_uid": 5,
"class_uid": 5021,
"severity_id": 1,
"status_id": 1,
"type_uid": 502102,
"start_time": "2020-03-09 00:00:00",
"time": "2024-11-05 19:13:34.675",
"message": "D-Link DCS-930L Devices OS Command Injection Vulnerability",
"metadata": {
"uid": "CVE-2016-11021",
"correlation_uid": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"logged_time": "2020-03-09 00:55:19",
"original_time": "2020-03-09 00:00:00",
"processed_time": "2024-11-05 19:13:34.675",
"version": "1.4.0",
"product": {
"lang": "en",
"name": "Known Exploited Vulnerabilities Catalog",
"url_string": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"vendor_name": "Cybersecurity & Infrastructure Security Agency",
"version": "5.1"
}
},
"observables": [
{
"name": "osint.vulnerabilities.cve.uid",
"type_id": 18,
"value": "CVE-2016-11021"
}
],
"osint": [
{
"comment": "setSystemCommand on D-Link DCS-930L devices allows a remote attacker to execute code via an OS command.",
"confidence_id": 3,
"value": "CVE-2016-11021",
"type_id": 10,
"name": "CVE_RECORD",
"src_url": "https://cveawg.mitre.org/api/cve/CVE-2016-11021",
"vendor_name": "Mitre",
"uid": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"vulnerabilities": [
{
"desc": "setSystemCommand on D-Link DCS-930L devices before 2.12 allows a remote attacker to execute code via an OS command in the SystemCommand parameter.",
"first_seen_time": "2020-03-09 00:55:19",
"last_seen_time": "2024-08-06 03:47:34.094",
"vendor_name": "Mitre",
"title": "CVE-2016-11021",
"is_exploit_available": true,
"exploit_last_seen_time": "2024-08-06 03:47:34.094",
"references": [
"https://www.exploit-db.com/exploits/39437",
"https://nvd.nist.gov/vuln/detail/CVE-2016-11021"
],
"cve": {
"uid": "CVE-2016-11021",
"created_time": "2020-03-09 00:00:00",
"modified_time": "2024-08-06 03:47:34.094",
"references": [
"https://www.exploit-db.com/exploits/39437",
"https://nvd.nist.gov/vuln/detail/CVE-2016-11021"
],
"cvss": []
},
"cwe": {
"uid": null,
"caption": "n/a",
"src_url": null
},
"affected_packages": [
{
"name": "n/a",
"version": "n/a",
"vendor_name": "Mitre"
}
]
}
]
}
]
},
{
"activity_id": 2,
"category_uid": 5,
"class_uid": 5021,
"severity_id": 1,
"status_id": 1,
"type_uid": 502102,
"start_time": "2017-02-18 00:00:00",
"time": "2024-11-05 19:13:34.675",
"message": "NETGEAR DGN2200 Remote Code Execution Vulnerability",
"metadata": {
"uid": "CVE-2017-6077",
"correlation_uid": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"logged_time": "2017-02-22 23:00:00",
"original_time": "2017-02-18 00:00:00",
"processed_time": "2024-11-05 19:13:34.675",
"version": "1.4.0",
"product": {
"lang": "en",
"name": "Known Exploited Vulnerabilities Catalog",
"url_string": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"vendor_name": "Cybersecurity & Infrastructure Security Agency",
"version": "5.1"
}
},
"observables": [
{
"name": "osint.vulnerabilities.cve.uid",
"type_id": 18,
"value": "CVE-2017-6077"
}
],
"osint": [
{
"comment": "NETGEAR DGN2200 wireless routers contain a vulnerability that allows for remote code execution.",
"confidence_id": 3,
"value": "CVE-2017-6077",
"type_id": 10,
"name": "CVE_RECORD",
"src_url": "https://cveawg.mitre.org/api/cve/CVE-2017-6077",
"vendor_name": "Mitre",
"uid": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"vulnerabilities": [
{
"desc": "ping.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the ping_IPAddr field of an HTTP POST request.",
"first_seen_time": "2017-02-22 23:00:00",
"last_seen_time": "2024-08-05 15:18:49.773",
"vendor_name": "Mitre",
"title": "CVE-2017-6077",
"is_exploit_available": true,
"exploit_last_seen_time": "2024-08-05 15:18:49.773",
"references": [
"http://www.securityfocus.com/bid/96408",
"https://nvd.nist.gov/vuln/detail/CVE-2017-6077"
],
"cve": {
"uid": "CVE-2017-6077",
"created_time": "2017-02-18 00:00:00",
"modified_time": "2024-08-05 15:18:49.773",
"references": [
"http://www.securityfocus.com/bid/96408",
"https://nvd.nist.gov/vuln/detail/CVE-2017-6077"
],
"cvss": []
},
"cwe": {
"uid": null,
"caption": "n/a",
"src_url": null
},
"affected_packages": [
{
"name": "n/a",
"version": "n/a",
"vendor_name": "Mitre"
}
]
}
]
}
]
},
{
"activity_id": 2,
"category_uid": 5,
"class_uid": 5021,
"severity_id": 1,
"status_id": 1,
"type_uid": 502102,
"start_time": "2014-09-09 00:00:00",
"time": "2024-11-05 19:13:34.675",
"message": "GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability",
"metadata": {
"uid": "CVE-2014-6271",
"correlation_uid": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"logged_time": "2014-09-24 18:00:00",
"original_time": "2014-09-09 00:00:00",
"processed_time": "2024-11-05 19:13:34.675",
"version": "1.4.0",
"product": {
"lang": "en",
"name": "Known Exploited Vulnerabilities Catalog",
"url_string": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"vendor_name": "Cybersecurity & Infrastructure Security Agency",
"version": "5.1"
}
},
"observables": [
{
"name": "osint.vulnerabilities.cve.uid",
"type_id": 18,
"value": "CVE-2014-6271"
}
],
"osint": [
{
"comment": "GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute code.",
"confidence_id": 3,
"value": "CVE-2014-6271",
"type_id": 10,
"name": "CVE_RECORD",
"src_url": "https://cveawg.mitre.org/api/cve/CVE-2014-6271",
"vendor_name": "Debian",
"uid": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"vulnerabilities": [
{
"desc": "GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka \"ShellShock.\" NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.",
"first_seen_time": "2014-09-24 18:00:00",
"last_seen_time": "2024-08-06 12:10:13.276",
"vendor_name": "Debian",
"title": "CVE-2014-6271",
"is_exploit_available": true,
"exploit_last_seen_time": "2024-08-06 12:10:13.276",
"references": [
"https://www.exploit-db.com/exploits/37816/",
"https://nvd.nist.gov/vuln/detail/CVE-2014-6271"
],
"cve": {
"uid": "CVE-2014-6271",
"created_time": "2014-09-09 00:00:00",
"modified_time": "2024-08-06 12:10:13.276",
"references": [
"https://www.exploit-db.com/exploits/37816/",
"https://nvd.nist.gov/vuln/detail/CVE-2014-6271"
],
"cvss": []
},
"cwe": {
"uid": null,
"caption": "n/a",
"src_url": null
},
"affected_packages": [
{
"name": "n/a",
"version": "n/a",
"vendor_name": "Debian"
}
]
}
]
}
]
},
{
"activity_id": 2,
"category_uid": 5,
"class_uid": 5021,
"severity_id": 1,
"status_id": 1,
"type_uid": 502102,
"start_time": "2014-09-24 00:00:00",
"time": "2024-11-05 19:13:34.675",
"message": "GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability",
"metadata": {
"uid": "CVE-2014-7169",
"correlation_uid": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"logged_time": "2014-09-25 01:00:00",
"original_time": "2014-09-24 00:00:00",
"processed_time": "2024-11-05 19:13:34.675",
"version": "1.4.0",
"product": {
"lang": "en",
"name": "Known Exploited Vulnerabilities Catalog",
"url_string": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"vendor_name": "Cybersecurity & Infrastructure Security Agency",
"version": "5.1"
}
},
"observables": [
{
"name": "osint.vulnerabilities.cve.uid",
"type_id": 18,
"value": "CVE-2014-7169"
}
],
"osint": [
{
"comment": "GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute code. This CVE correctly remediates the vulnerability in CVE-2014-6271.",
"confidence_id": 3,
"value": "CVE-2014-7169",
"type_id": 10,
"name": "CVE_RECORD",
"src_url": "https://cveawg.mitre.org/api/cve/CVE-2014-7169",
"vendor_name": "Mitre",
"uid": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"vulnerabilities": [
{
"desc": "GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271.",
"first_seen_time": "2014-09-25 01:00:00",
"last_seen_time": "2024-08-06 12:40:19.217",
"vendor_name": "Mitre",
"title": "CVE-2014-7169",
"is_exploit_available": true,
"exploit_last_seen_time": "2024-08-06 12:40:19.217",
"references": [
"http://packetstormsecurity.com/files/128517/VMware-Security-Advisory-2014-0010.html",
"https://nvd.nist.gov/vuln/detail/CVE-2014-7169"
],
"cve": {
"uid": "CVE-2014-7169",
"created_time": "2014-09-24 00:00:00",
"modified_time": "2024-08-06 12:40:19.217",
"references": [
"http://packetstormsecurity.com/files/128517/VMware-Security-Advisory-2014-0010.html",
"https://nvd.nist.gov/vuln/detail/CVE-2014-7169"
],
"cvss": []
},
"cwe": {
"uid": null,
"caption": "n/a",
"src_url": null
},
"affected_packages": [
{
"name": "n/a",
"version": "n/a",
"vendor_name": "Mitre"
}
]
}
]
}
]
},
{
"activity_id": 2,
"category_uid": 5,
"class_uid": 5021,
"severity_id": 1,
"status_id": 1,
"type_uid": 502102,
"start_time": "2021-01-18 00:00:00",
"time": "2024-11-05 19:13:34.675",
"message": "Nagios XI OS Command Injection",
"metadata": {
"uid": "CVE-2021-25296",
"correlation_uid": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"logged_time": "2021-02-15 00:00:00",
"original_time": "2021-01-18 00:00:00",
"processed_time": "2024-11-05 19:13:34.675",
"version": "1.4.0",
"product": {
"lang": "en",
"name": "Known Exploited Vulnerabilities Catalog",
"url_string": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"vendor_name": "Cybersecurity & Infrastructure Security Agency",
"version": "5.1"
}
},
"observables": [
{
"name": "osint.vulnerabilities.cve.uid",
"type_id": 18,
"value": "CVE-2021-25296"
}
],
"osint": [
{
"comment": "Nagios XI contains a vulnerability which can lead to OS command injection on the Nagios XI server.",
"confidence_id": 3,
"value": "CVE-2021-25296",
"type_id": 10,
"name": "CVE_RECORD",
"src_url": "https://cveawg.mitre.org/api/cve/CVE-2021-25296",
"vendor_name": "Mitre",
"uid": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"vulnerabilities": [
{
"desc": "Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/windowswmi/windowswmi.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS command injection on the Nagios XI server.",
"first_seen_time": "2021-02-15 00:00:00",
"last_seen_time": "2024-08-03 19:56:11.223",
"vendor_name": "Mitre",
"title": "CVE-2021-25296",
"is_exploit_available": true,
"exploit_last_seen_time": "2024-08-03 19:56:11.223",
"references": [
"http://nagios.com",
"https://nvd.nist.gov/vuln/detail/CVE-2021-25296"
],
"cve": {
"uid": "CVE-2021-25296",
"created_time": "2021-01-18 00:00:00",
"modified_time": "2024-08-03 19:56:11.223",
"references": [
"http://nagios.com",
"https://nvd.nist.gov/vuln/detail/CVE-2021-25296"
],
"cvss": []
},
"cwe": {
"uid": null,
"caption": "n/a",
"src_url": null
},
"affected_packages": [
{
"name": "n/a",
"version": "n/a",
"vendor_name": "Mitre"
}
]
}
]
}
]
},
{
"activity_id": 2,
"category_uid": 5,
"class_uid": 5021,
"severity_id": 1,
"status_id": 1,
"type_uid": 502102,
"start_time": "2021-01-18 00:00:00",
"time": "2024-11-05 19:13:34.675",
"message": "Nagios XI OS Command Injection",
"metadata": {
"uid": "CVE-2021-25297",
"correlation_uid": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"logged_time": "2021-02-15 00:00:00",
"original_time": "2021-01-18 00:00:00",
"processed_time": "2024-11-05 19:13:34.675",
"version": "1.4.0",
"product": {
"lang": "en",
"name": "Known Exploited Vulnerabilities Catalog",
"url_string": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"vendor_name": "Cybersecurity & Infrastructure Security Agency",
"version": "5.1"
}
},
"observables": [
{
"name": "osint.vulnerabilities.cve.uid",
"type_id": 18,
"value": "CVE-2021-25297"
}
],
"osint": [
{
"comment": "Nagios XI contains a vulnerability which can lead to OS command injection on the Nagios XI server.",
"confidence_id": 3,
"value": "CVE-2021-25297",
"type_id": 10,
"name": "CVE_RECORD",
"src_url": "https://cveawg.mitre.org/api/cve/CVE-2021-25297",
"vendor_name": "Mitre",
"uid": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"vulnerabilities": [
{
"desc": "Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/switch/switch.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS command injection on the Nagios XI server.",
"first_seen_time": "2021-02-15 00:00:00",
"last_seen_time": "2024-08-03 19:56:11.178",
"vendor_name": "Mitre",
"title": "CVE-2021-25297",
"is_exploit_available": true,
"exploit_last_seen_time": "2024-08-03 19:56:11.178",
"references": [
"http://nagios.com",
"https://nvd.nist.gov/vuln/detail/CVE-2021-25297"
],
"cve": {
"uid": "CVE-2021-25297",
"created_time": "2021-01-18 00:00:00",
"modified_time": "2024-08-03 19:56:11.178",
"references": [
"http://nagios.com",
"https://nvd.nist.gov/vuln/detail/CVE-2021-25297"
],
"cvss": []
},
"cwe": {
"uid": null,
"caption": "n/a",
"src_url": null
},
"affected_packages": [
{
"name": "n/a",
"version": "n/a",
"vendor_name": "Mitre"
}
]
}
]
}
]
},
{
"activity_id": 2,
"category_uid": 5,
"class_uid": 5021,
"severity_id": 1,
"status_id": 1,
"type_uid": 502102,
"start_time": "2021-01-18 00:00:00",
"time": "2024-11-05 19:13:34.675",
"message": "Nagios XI OS Command Injection",
"metadata": {
"uid": "CVE-2021-25298",
"correlation_uid": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"logged_time": "2021-02-15 00:00:00",
"original_time": "2021-01-18 00:00:00",
"processed_time": "2024-11-05 19:13:34.675",
"version": "1.4.0",
"product": {
"lang": "en",
"name": "Known Exploited Vulnerabilities Catalog",
"url_string": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"vendor_name": "Cybersecurity & Infrastructure Security Agency",
"version": "5.1"
}
},
"observables": [
{
"name": "osint.vulnerabilities.cve.uid",
"type_id": 18,
"value": "CVE-2021-25298"
}
],
"osint": [
{
"comment": "Nagios XI contains a vulnerability which can lead to OS command injection on the Nagios XI server.",
"confidence_id": 3,
"value": "CVE-2021-25298",
"type_id": 10,
"name": "CVE_RECORD",
"src_url": "https://cveawg.mitre.org/api/cve/CVE-2021-25298",
"vendor_name": "Mitre",
"uid": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"vulnerabilities": [
{
"desc": "Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/cloud-vm/cloud-vm.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS command injection on the Nagios XI server.",
"first_seen_time": "2021-02-15 00:00:00",
"last_seen_time": "2024-08-03 19:56:11.221",
"vendor_name": "Mitre",
"title": "CVE-2021-25298",
"is_exploit_available": true,
"exploit_last_seen_time": "2024-08-03 19:56:11.221",
"references": [
"http://nagios.com",
"https://nvd.nist.gov/vuln/detail/CVE-2021-25298"
],
"cve": {
"uid": "CVE-2021-25298",
"created_time": "2021-01-18 00:00:00",
"modified_time": "2024-08-03 19:56:11.221",
"references": [
"http://nagios.com",
"https://nvd.nist.gov/vuln/detail/CVE-2021-25298"
],
"cvss": []
},
"cwe": {
"uid": null,
"caption": "n/a",
"src_url": null
},
"affected_packages": [
{
"name": "n/a",
"version": "n/a",
"vendor_name": "Mitre"
}
]
}
]
}
]
},
{
"activity_id": 2,
"category_uid": 5,
"class_uid": 5021,
"severity_id": 1,
"status_id": 1,
"type_uid": 502102,
"start_time": "2020-12-22 00:00:00",
"time": "2024-11-05 19:13:34.675",
"message": "System Information Library for Node.JS Command Injection",
"metadata": {
"uid": "CVE-2021-21315",
"correlation_uid": "a0819718-46f1-4df5-94e2-005712e83aaa",
"logged_time": "2021-02-16 17:00:18",
"original_time": "2020-12-22 00:00:00",
"processed_time": "2024-11-05 19:13:34.675",
"version": "1.4.0",
"product": {
"lang": "en",
"name": "Known Exploited Vulnerabilities Catalog",
"url_string": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"vendor_name": "Cybersecurity & Infrastructure Security Agency",
"version": "5.1"
}
},
"observables": [
{
"name": "osint.vulnerabilities.cwe.uid",
"type_id": 17,
"value": "CWE-78"
},
{
"name": "osint.vulnerabilities.cve.uid",
"type_id": 18,
"value": "CVE-2021-21315"
}
],
"osint": [
{
"comment": "In this vulnerability, an attacker can send a malicious payload that will exploit the name parameter. After successful exploitation, attackers can execute remote.",
"confidence_id": 3,
"value": "CVE-2021-21315",
"type_id": 10,
"name": "CVE_RECORD",
"src_url": "https://cveawg.mitre.org/api/cve/CVE-2021-21315",
"vendor_name": "Github_m",
"uid": "a0819718-46f1-4df5-94e2-005712e83aaa",
"vulnerabilities": [
{
"desc": "The System Information Library for Node.JS (npm package \"systeminformation\") is an open source collection of functions to retrieve detailed hardware, system and OS information. In systeminformation before version 5.3.1 there is a command injection vulnerability. Problem was fixed in version 5.3.1. As a workaround instead of upgrading, be sure to check or sanitize service parameters that are passed to si.inetLatency(), si.inetChecksite(), si.services(), si.processLoad() ... do only allow strings, reject any arrays. String sanitation works as expected.",
"first_seen_time": "2021-02-16 17:00:18",
"last_seen_time": "2024-08-03 18:09:15.260",
"vendor_name": "Github_m",
"title": "CVE-2021-21315",
"is_exploit_available": true,
"exploit_last_seen_time": "2024-08-03 18:09:15.260",
"references": [
"https://www.npmjs.com/package/systeminformation",
"https://nvd.nist.gov/vuln/detail/CVE-2021-21315"
],
"cve": {
"uid": "CVE-2021-21315",
"created_time": "2020-12-22 00:00:00",
"modified_time": "2024-08-03 18:09:15.260",
"references": [
"https://www.npmjs.com/package/systeminformation",
"https://nvd.nist.gov/vuln/detail/CVE-2021-21315"
],
"cvss": []
},
"cwe": {
"uid": "CWE-78",
"caption": "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')",
"src_url": "https://cwe.mitre.org/data/definitions/78.html"
},
"affected_packages": [
{
"name": "systeminformation",
"version": "< 5.3.1",
"vendor_name": "Github_m"
}
]
}
]
}
]
},
{
"activity_id": 2,
"category_uid": 5,
"class_uid": 5021,
"severity_id": 1,
"status_id": 1,
"type_uid": 502102,
"start_time": "2020-04-21 00:00:00",
"time": "2024-11-05 19:13:34.675",
"message": "Apache Airflow Command Injection",
"metadata": {
"uid": "CVE-2020-11978",
"correlation_uid": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"logged_time": "2020-07-16 00:00:00",
"original_time": "2020-04-21 00:00:00",
"processed_time": "2024-11-05 19:13:34.675",
"version": "1.4.0",
"product": {
"lang": "en",
"name": "Known Exploited Vulnerabilities Catalog",
"url_string": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"vendor_name": "Cybersecurity & Infrastructure Security Agency",
"version": "5.1"
}
},
"observables": [
{
"name": "osint.vulnerabilities.cve.uid",
"type_id": 18,
"value": "CVE-2020-11978"
}
],
"osint": [
{
"comment": "A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow.",
"confidence_id": 3,
"value": "CVE-2020-11978",
"type_id": 10,
"name": "CVE_RECORD",
"src_url": "https://cveawg.mitre.org/api/cve/CVE-2020-11978",
"vendor_name": "Apache",
"uid": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"vulnerabilities": [
{
"desc": "An issue was found in Apache Airflow versions 1.10.10 and below. A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow which would allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler (depending on the executor in use). If you already have examples disabled by setting load_examples=False in the config then you are not vulnerable.",
"first_seen_time": "2020-07-16 00:00:00",
"last_seen_time": "2024-08-04 11:48:58.274",
"vendor_name": "Apache",
"title": "CVE-2020-11978",
"is_exploit_available": true,
"exploit_last_seen_time": "2024-08-04 11:48:58.274",
"references": [
"https://lists.apache.org/thread.html/r7255cf0be3566f23a768e2a04b40fb09e52fcd1872695428ba9afe91%40%3Cusers.airflow.apache.org%3E",
"https://nvd.nist.gov/vuln/detail/CVE-2020-11978"
],
"cve": {
"uid": "CVE-2020-11978",
"created_time": "2020-04-21 00:00:00",
"modified_time": "2024-08-04 11:48:58.274",
"references": [
"https://lists.apache.org/thread.html/r7255cf0be3566f23a768e2a04b40fb09e52fcd1872695428ba9afe91%40%3Cusers.airflow.apache.org%3E",
"https://nvd.nist.gov/vuln/detail/CVE-2020-11978"
],
"cvss": []
},
"cwe": {
"uid": null,
"caption": "Remote Code Execution",
"src_url": null
},
"affected_packages": [
{
"name": "Apache Airflow",
"version": "1.10.10 and below",
"vendor_name": "Apache"
}
]
}
]
}
]
},
{
"activity_id": 2,
"category_uid": 5,
"class_uid": 5021,
"severity_id": 1,
"status_id": 1,
"type_uid": 502102,
"start_time": "2021-07-08 00:00:00",
"time": "2024-11-05 19:13:34.675",
"message": "Hikvision Improper Input Validation",
"metadata": {
"uid": "CVE-2021-36260",
"correlation_uid": "da451dce-859b-4e51-8b87-9c8b60d19b32",
"logged_time": "2021-09-22 12:07:55",
"original_time": "2021-07-08 00:00:00",
"processed_time": "2024-11-05 19:13:34.675",
"version": "1.4.0",
"product": {
"lang": "en",
"name": "Known Exploited Vulnerabilities Catalog",
"url_string": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"vendor_name": "Cybersecurity & Infrastructure Security Agency",
"version": "5.1"
}
},
"observables": [
{
"name": "osint.vulnerabilities.cve.uid",
"type_id": 18,
"value": "CVE-2021-36260"
}
],
"osint": [
{
"comment": "A command injection vulnerability in the web server of some Hikvision products, due to insufficient input validation.",
"confidence_id": 3,
"value": "CVE-2021-36260",
"type_id": 10,
"name": "CVE_RECORD",
"src_url": "https://cveawg.mitre.org/api/cve/CVE-2021-36260",
"vendor_name": "Hikvision",
"uid": "da451dce-859b-4e51-8b87-9c8b60d19b32",
"vulnerabilities": [
{
"desc": "A command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation, attacker can exploit the vulnerability to launch a command injection attack by sending some messages with malicious commands.",
"first_seen_time": "2021-09-22 12:07:55",
"last_seen_time": "2024-08-04 00:54:50.746",
"vendor_name": "Hikvision",
"title": "CVE-2021-36260",
"is_exploit_available": true,
"exploit_last_seen_time": "2024-08-04 00:54:50.746",
"references": [
"https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-notification-command-injection-vulnerability-in-some-hikvision-products/",
"https://nvd.nist.gov/vuln/detail/CVE-2021-36260"
],
"cve": {
"uid": "CVE-2021-36260",
"created_time": "2021-07-08 00:00:00",
"modified_time": "2024-08-04 00:54:50.746",
"references": [
"https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-notification-command-injection-vulnerability-in-some-hikvision-products/",
"https://nvd.nist.gov/vuln/detail/CVE-2021-36260"
],
"cvss": []
},
"cwe": {
"uid": null,
"caption": "n/a",
"src_url": null
},
"affected_packages": [
{
"name": "n/a",
"version": "n/a",
"vendor_name": "Hikvision"
}
]
}
]
}
]
},
{
"activity_id": 2,
"category_uid": 5,
"class_uid": 5021,
"severity_id": 1,
"status_id": 1,
"type_uid": 502102,
"start_time": "2019-03-27 00:00:00",
"time": "2024-11-05 19:13:34.675",
"message": "Exim Mail Transfer Agent (MTA) Improper Input Validation",
"metadata": {
"uid": "CVE-2019-10149",
"correlation_uid": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"logged_time": "2019-06-05 00:00:00",
"original_time": "2019-03-27 00:00:00",
"processed_time": "2024-11-05 19:13:34.675",
"version": "1.4.0",
"product": {
"lang": "en",
"name": "Known Exploited Vulnerabilities Catalog",
"url_string": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"vendor_name": "Cybersecurity & Infrastructure Security Agency",
"version": "5.1"
}
},
"observables": [
{
"name": "osint.vulnerabilities.cwe.uid",
"type_id": 17,
"value": "CWE-78"
},
{
"name": "osint.vulnerabilities.cve.uid",
"type_id": 18,
"value": "CVE-2019-10149"
}
],
"osint": [
{
"comment": "Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution.",
"confidence_id": 3,
"value": "CVE-2019-10149",
"type_id": 10,
"name": "CVE_RECORD",
"src_url": "https://cveawg.mitre.org/api/cve/CVE-2019-10149",
"vendor_name": "Redhat",
"uid": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"vulnerabilities": [
{
"desc": "A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution.",
"first_seen_time": "2019-06-05 00:00:00",
"last_seen_time": "2024-08-04 22:10:09.944",
"vendor_name": "Redhat",
"title": "CVE-2019-10149",
"is_exploit_available": true,
"exploit_last_seen_time": "2024-08-04 22:10:09.944",
"references": [
"http://www.openwall.com/lists/oss-security/2019/06/05/2",
"https://nvd.nist.gov/vuln/detail/CVE-2019-10149"
],
"cve": {
"uid": "CVE-2019-10149",
"created_time": "2019-03-27 00:00:00",
"modified_time": "2024-08-04 22:10:09.944",
"references": [
"http://www.openwall.com/lists/oss-security/2019/06/05/2",
"https://nvd.nist.gov/vuln/detail/CVE-2019-10149"
],
"cvss": []
},
"cwe": {
"uid": "CWE-78",
"caption": "CWE-78",
"src_url": "https://cwe.mitre.org/data/definitions/78.html"
},
"affected_packages": [
{
"name": "exim",
"version": "4.92",
"vendor_name": "Redhat"
}
]
}
]
}
]
},
{
"activity_id": 2,
"category_uid": 5,
"class_uid": 5021,
"severity_id": 1,
"status_id": 1,
"type_uid": 502102,
"start_time": "2021-06-23 00:00:00",
"time": "2024-11-05 19:13:34.675",
"message": "Realtek Jungle SDK Remote Code Execution Vulnerability",
"metadata": {
"uid": "CVE-2021-35394",
"correlation_uid": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"logged_time": "2021-08-16 11:07:38",
"original_time": "2021-06-23 00:00:00",
"processed_time": "2024-11-05 19:13:34.675",
"version": "1.4.0",
"product": {
"lang": "en",
"name": "Known Exploited Vulnerabilities Catalog",
"url_string": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"vendor_name": "Cybersecurity & Infrastructure Security Agency",
"version": "5.1"
}
},
"observables": [
{
"name": "osint.vulnerabilities.cve.uid",
"type_id": 18,
"value": "CVE-2021-35394"
}
],
"osint": [
{
"comment": "RealTek Jungle SDK contains multiple memory corruption vulnerabilities which can allow an attacker to perform remote code execution.",
"confidence_id": 3,
"value": "CVE-2021-35394",
"type_id": 10,
"name": "CVE_RECORD",
"src_url": "https://cveawg.mitre.org/api/cve/CVE-2021-35394",
"vendor_name": "Mitre",
"uid": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"vulnerabilities": [
{
"desc": "Realtek Jungle SDK version v2.x up to v3.4.14B provides a diagnostic tool called 'MP Daemon' that is usually compiled as 'UDPServer' binary. The binary is affected by multiple memory corruption vulnerabilities and an arbitrary command injection vulnerability that can be exploited by remote unauthenticated attackers.",
"first_seen_time": "2021-08-16 11:07:38",
"last_seen_time": "2024-08-04 00:33:51.334",
"vendor_name": "Mitre",
"title": "CVE-2021-35394",
"is_exploit_available": true,
"exploit_last_seen_time": "2024-08-04 00:33:51.334",
"references": [
"https://www.securityfocus.com/archive/1/534765",
"https://nvd.nist.gov/vuln/detail/CVE-2021-35394"
],
"cve": {
"uid": "CVE-2021-35394",
"created_time": "2021-06-23 00:00:00",
"modified_time": "2024-08-04 00:33:51.334",
"references": [
"https://www.securityfocus.com/archive/1/534765",
"https://nvd.nist.gov/vuln/detail/CVE-2021-35394"
],
"cvss": []
},
"cwe": {
"uid": null,
"caption": "n/a",
"src_url": null
},
"affected_packages": [
{
"name": "n/a",
"version": "n/a",
"vendor_name": "Mitre"
}
]
}
]
}
]
},
{
"activity_id": 2,
"category_uid": 5,
"class_uid": 5021,
"severity_id": 1,
"status_id": 1,
"type_uid": 502102,
"start_time": "2020-02-10 00:00:00",
"time": "2024-11-05 19:13:34.675",
"message": "Pi-Hole AdminLTE Remote Code Execution Vulnerability",
"metadata": {
"uid": "CVE-2020-8816",
"correlation_uid": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"logged_time": "2020-05-29 18:57:14",
"original_time": "2020-02-10 00:00:00",
"processed_time": "2024-11-05 19:13:34.675",
"version": "1.4.0",
"product": {
"lang": "en",
"name": "Known Exploited Vulnerabilities Catalog",
"url_string": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"vendor_name": "Cybersecurity & Infrastructure Security Agency",
"version": "5.1"
}
},
"observables": [
{
"name": "osint.vulnerabilities.cve.uid",
"type_id": 18,
"value": "CVE-2020-8816"
}
],
"osint": [
{
"comment": "Pi-hole Web v4.3.2 (aka AdminLTE) allows Remote Code Execution by privileged dashboard users via a crafted DHCP static lease.",
"confidence_id": 3,
"value": "CVE-2020-8816",
"type_id": 10,
"name": "CVE_RECORD",
"src_url": "https://cveawg.mitre.org/api/cve/CVE-2020-8816",
"vendor_name": "Mitre",
"uid": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"vulnerabilities": [
{
"desc": "Pi-hole Web v4.3.2 (aka AdminLTE) allows Remote Code Execution by privileged dashboard users via a crafted DHCP static lease.",
"first_seen_time": "2020-05-29 18:57:14",
"last_seen_time": "2024-08-04 10:12:10.658",
"vendor_name": "Mitre",
"title": "CVE-2020-8816",
"is_exploit_available": true,
"exploit_last_seen_time": "2024-08-04 10:12:10.658",
"references": [
"https://github.com/pi-hole/AdminLTE/commits/master",
"https://nvd.nist.gov/vuln/detail/CVE-2020-8816"
],
"cve": {
"uid": "CVE-2020-8816",
"created_time": "2020-02-10 00:00:00",
"modified_time": "2024-08-04 10:12:10.658",
"references": [
"https://github.com/pi-hole/AdminLTE/commits/master",
"https://nvd.nist.gov/vuln/detail/CVE-2020-8816"
],
"cvss": []
},
"cwe": {
"uid": null,
"caption": "n/a",
"src_url": null
},
"affected_packages": [
{
"name": "n/a",
"version": "n/a",
"vendor_name": "Mitre"
}
]
}
]
}
]
},
{
"activity_id": 2,
"category_uid": 5,
"class_uid": 5021,
"severity_id": 1,
"status_id": 1,
"type_uid": 502102,
"start_time": "2021-02-10 00:00:00",
"time": "2024-11-05 19:13:34.675",
"message": "Accellion FTA OS Command Injection Vulnerability",
"metadata": {
"uid": "CVE-2021-27104",
"correlation_uid": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"logged_time": "2021-02-16 20:16:42",
"original_time": "2021-02-10 00:00:00",
"processed_time": "2024-11-05 19:13:34.675",
"version": "1.4.0",
"product": {
"lang": "en",
"name": "Known Exploited Vulnerabilities Catalog",
"url_string": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"vendor_name": "Cybersecurity & Infrastructure Security Agency",
"version": "5.1"
}
},
"observables": [
{
"name": "osint.vulnerabilities.cve.uid",
"type_id": 18,
"value": "CVE-2021-27104"
}
],
"osint": [
{
"comment": "Accellion FTA contains an OS command injection vulnerability exploited via a crafted POST request to various admin endpoints.",
"confidence_id": 3,
"value": "CVE-2021-27104",
"type_id": 10,
"name": "CVE_RECORD",
"src_url": "https://cveawg.mitre.org/api/cve/CVE-2021-27104",
"vendor_name": "Mitre",
"uid": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"vulnerabilities": [
{
"desc": "Accellion FTA 9_12_370 and earlier is affected by OS command execution via a crafted POST request to various admin endpoints. The fixed version is FTA_9_12_380 and later.",
"first_seen_time": "2021-02-16 20:16:42",
"last_seen_time": "2024-08-03 20:40:47.292",
"vendor_name": "Mitre",
"title": "CVE-2021-27104",
"is_exploit_available": true,
"exploit_last_seen_time": "2024-08-03 20:40:47.292",
"references": [
"https://www.accellion.com/products/fta/",
"https://nvd.nist.gov/vuln/detail/CVE-2021-27104"
],
"cve": {
"uid": "CVE-2021-27104",
"created_time": "2021-02-10 00:00:00",
"modified_time": "2024-08-03 20:40:47.292",
"references": [
"https://www.accellion.com/products/fta/",
"https://nvd.nist.gov/vuln/detail/CVE-2021-27104"
],
"cvss": []
},
"cwe": {
"uid": null,
"caption": "n/a",
"src_url": null
},
"affected_packages": [
{
"name": "n/a",
"version": "n/a",
"vendor_name": "Mitre"
}
]
}
]
}
]
},
{
"activity_id": 2,
"category_uid": 5,
"class_uid": 5021,
"severity_id": 1,
"status_id": 1,
"type_uid": 502102,
"start_time": "2021-02-10 00:00:00",
"time": "2024-11-05 19:13:34.675",
"message": "Accellion FTA OS Command Injection Vulnerability",
"metadata": {
"uid": "CVE-2021-27102",
"correlation_uid": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"logged_time": "2021-02-16 20:07:45",
"original_time": "2021-02-10 00:00:00",
"processed_time": "2024-11-05 19:13:34.675",
"version": "1.4.0",
"product": {
"lang": "en",
"name": "Known Exploited Vulnerabilities Catalog",
"url_string": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"vendor_name": "Cybersecurity & Infrastructure Security Agency",
"version": "5.1"
}
},
"observables": [
{
"name": "osint.vulnerabilities.cve.uid",
"type_id": 18,
"value": "CVE-2021-27102"
}
],
"osint": [
{
"comment": "Accellion FTA contains an OS command injection vulnerability exploited via a local web service call.",
"confidence_id": 3,
"value": "CVE-2021-27102",
"type_id": 10,
"name": "CVE_RECORD",
"src_url": "https://cveawg.mitre.org/api/cve/CVE-2021-27102",
"vendor_name": "Mitre",
"uid": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"vulnerabilities": [
{
"desc": "Accellion FTA 9_12_411 and earlier is affected by OS command execution via a local web service call. The fixed version is FTA_9_12_416 and later.",
"first_seen_time": "2021-02-16 20:07:45",
"last_seen_time": "2024-08-03 20:40:47.247",
"vendor_name": "Mitre",
"title": "CVE-2021-27102",
"is_exploit_available": true,
"exploit_last_seen_time": "2024-08-03 20:40:47.247",
"references": [
"https://www.accellion.com/products/fta/",
"https://nvd.nist.gov/vuln/detail/CVE-2021-27102"
],
"cve": {
"uid": "CVE-2021-27102",
"created_time": "2021-02-10 00:00:00",
"modified_time": "2024-08-03 20:40:47.247",
"references": [
"https://www.accellion.com/products/fta/",
"https://nvd.nist.gov/vuln/detail/CVE-2021-27102"
],
"cvss": []
},
"cwe": {
"uid": null,
"caption": "n/a",
"src_url": null
},
"affected_packages": [
{
"name": "n/a",
"version": "n/a",
"vendor_name": "Mitre"
}
]
}
]
}
]
},
{
"activity_id": 2,
"category_uid": 5,
"class_uid": 5021,
"severity_id": 1,
"status_id": 1,
"type_uid": 502102,
"start_time": "2020-11-13 00:00:00",
"time": "2024-11-05 19:13:34.675",
"message": "Cisco HyperFlex HX Installer Virtual Machine Command Injection Vulnerability",
"metadata": {
"uid": "CVE-2021-1497",
"correlation_uid": "d1c1063e-7a18-46af-9102-31f8928bc633",
"logged_time": "2021-05-06 12:41:27.712596",
"original_time": "2020-11-13 00:00:00",
"processed_time": "2024-11-05 19:13:34.675",
"version": "1.4.0",
"product": {
"lang": "en",
"name": "Known Exploited Vulnerabilities Catalog",
"url_string": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"vendor_name": "Cybersecurity & Infrastructure Security Agency",
"version": "5.1"
}
},
"observables": [
{
"name": "osint.vulnerabilities.cwe.uid",
"type_id": 17,
"value": "CWE-78"
},
{
"name": "osint.vulnerabilities.cve.uid",
"type_id": 18,
"value": "CVE-2021-1497"
}
],
"osint": [
{
"comment": "Cisco HyperFlex HX Installer Virtual Machine contains an insufficient input validation vulnerability which could allow an attacker to execute commands on an affected device as the root user.",
"confidence_id": 3,
"value": "CVE-2021-1497",
"type_id": 10,
"name": "CVE_RECORD",
"src_url": "https://cveawg.mitre.org/api/cve/CVE-2021-1497",
"vendor_name": "Cisco",
"uid": "d1c1063e-7a18-46af-9102-31f8928bc633",
"vulnerabilities": [
{
"desc": "Multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory.",
"first_seen_time": "2021-05-06 12:41:27.712596",
"last_seen_time": "2024-09-17 02:21:40.011",
"vendor_name": "Cisco",
"title": "CVE-2021-1497",
"is_exploit_available": true,
"exploit_last_seen_time": "2024-09-17 02:21:40.011",
"references": [
"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-hyperflex-rce-TjjNrkpR",
"https://nvd.nist.gov/vuln/detail/CVE-2021-1497"
],
"cve": {
"uid": "CVE-2021-1497",
"created_time": "2020-11-13 00:00:00",
"modified_time": "2024-09-17 02:21:40.011",
"references": [
"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-hyperflex-rce-TjjNrkpR",
"https://nvd.nist.gov/vuln/detail/CVE-2021-1497"
],
"cvss": []
},
"cwe": {
"uid": "CWE-78",
"caption": "CWE-78",
"src_url": "https://cwe.mitre.org/data/definitions/78.html"
},
"affected_packages": [
{
"name": "Cisco HyperFlex HX Data Platform",
"version": "n/a",
"vendor_name": "Cisco"
}
]
}
]
}
]
},
{
"activity_id": 2,
"category_uid": 5,
"class_uid": 5021,
"severity_id": 1,
"status_id": 1,
"type_uid": 502102,
"start_time": "2020-11-13 00:00:00",
"time": "2024-11-05 19:13:34.675",
"message": "Cisco HyperFlex HX Data Platform Command Injection Vulnerability",
"metadata": {
"uid": "CVE-2021-1498",
"correlation_uid": "d1c1063e-7a18-46af-9102-31f8928bc633",
"logged_time": "2021-05-06 12:41:31.982681",
"original_time": "2020-11-13 00:00:00",
"processed_time": "2024-11-05 19:13:34.675",
"version": "1.4.0",
"product": {
"lang": "en",
"name": "Known Exploited Vulnerabilities Catalog",
"url_string": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"vendor_name": "Cybersecurity & Infrastructure Security Agency",
"version": "5.1"
}
},
"observables": [
{
"name": "osint.vulnerabilities.cwe.uid",
"type_id": 17,
"value": "CWE-78"
},
{
"name": "osint.vulnerabilities.cve.uid",
"type_id": 18,
"value": "CVE-2021-1498"
}
],
"osint": [
{
"comment": "Cisco HyperFlex HX Installer Virtual Machine contains an insufficient input validation vulnerability which could allow an attacker to execute commands on an affected device as the tomcat8 user.",
"confidence_id": 3,
"value": "CVE-2021-1498",
"type_id": 10,
"name": "CVE_RECORD",
"src_url": "https://cveawg.mitre.org/api/cve/CVE-2021-1498",
"vendor_name": "Cisco",
"uid": "d1c1063e-7a18-46af-9102-31f8928bc633",
"vulnerabilities": [
{
"desc": "Multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory.",
"first_seen_time": "2021-05-06 12:41:31.982681",
"last_seen_time": "2024-09-16 18:23:58.975",
"vendor_name": "Cisco",
"title": "CVE-2021-1498",
"is_exploit_available": true,
"exploit_last_seen_time": "2024-09-16 18:23:58.975",
"references": [
"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-hyperflex-rce-TjjNrkpR",
"https://nvd.nist.gov/vuln/detail/CVE-2021-1498"
],
"cve": {
"uid": "CVE-2021-1498",
"created_time": "2020-11-13 00:00:00",
"modified_time": "2024-09-16 18:23:58.975",
"references": [
"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-hyperflex-rce-TjjNrkpR",
"https://nvd.nist.gov/vuln/detail/CVE-2021-1498"
],
"cvss": []
},
"cwe": {
"uid": "CWE-78",
"caption": "CWE-78",
"src_url": "https://cwe.mitre.org/data/definitions/78.html"
},
"affected_packages": [
{
"name": "Cisco HyperFlex HX Data Platform",
"version": "n/a",
"vendor_name": "Cisco"
}
]
}
]
}
]
},
{
"activity_id": 2,
"category_uid": 5,
"class_uid": 5021,
"severity_id": 1,
"status_id": 1,
"type_uid": 502102,
"start_time": "2020-09-14 00:00:00",
"time": "2024-11-05 19:13:34.675",
"message": "D-Link DNS-320 Device Command Injection Vulnerability",
"metadata": {
"uid": "CVE-2020-25506",
"correlation_uid": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"logged_time": "2021-02-02 13:00:11",
"original_time": "2020-09-14 00:00:00",
"processed_time": "2024-11-05 19:13:34.675",
"version": "1.4.0",
"product": {
"lang": "en",
"name": "Known Exploited Vulnerabilities Catalog",
"url_string": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"vendor_name": "Cybersecurity & Infrastructure Security Agency",
"version": "5.1"
}
},
"observables": [
{
"name": "osint.vulnerabilities.cve.uid",
"type_id": 18,
"value": "CVE-2020-25506"
}
],
"osint": [
{
"comment": "D-Link DNS-320 device contains a command injection vulnerability in the system_mgr.cgi component that may allow for remote code execution.",
"confidence_id": 3,
"value": "CVE-2020-25506",
"type_id": 10,
"name": "CVE_RECORD",
"src_url": "https://cveawg.mitre.org/api/cve/CVE-2020-25506",
"vendor_name": "Mitre",
"uid": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"vulnerabilities": [
{
"desc": "D-Link DNS-320 FW v2.06B01 Revision Ax is affected by command injection in the system_mgr.cgi component, which can lead to remote arbitrary code execution.",
"first_seen_time": "2021-02-02 13:00:11",
"last_seen_time": "2024-08-04 15:33:05.826",
"vendor_name": "Mitre",
"title": "CVE-2020-25506",
"is_exploit_available": true,
"exploit_last_seen_time": "2024-08-04 15:33:05.826",
"references": [
"https://www.dlink.com/en/security-bulletin/",
"https://nvd.nist.gov/vuln/detail/CVE-2020-25506"
],
"cve": {
"uid": "CVE-2020-25506",
"created_time": "2020-09-14 00:00:00",
"modified_time": "2024-08-04 15:33:05.826",
"references": [
"https://www.dlink.com/en/security-bulletin/",
"https://nvd.nist.gov/vuln/detail/CVE-2020-25506"
],
"cvss": []
},
"cwe": {
"uid": null,
"caption": "n/a",
"src_url": null
},
"affected_packages": [
{
"name": "n/a",
"version": "n/a",
"vendor_name": "Mitre"
}
]
}
]
}
]
},
{
"activity_id": 2,
"category_uid": 5,
"class_uid": 5021,
"severity_id": 1,
"status_id": 1,
"type_uid": 502102,
"start_time": "2020-02-01 00:00:00",
"time": "2024-11-05 19:13:34.675",
"message": "Multiple DrayTek Vigor Routers Web Management Page Vulnerability",
"metadata": {
"uid": "CVE-2020-8515",
"correlation_uid": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"logged_time": "2020-02-01 12:36:59",
"original_time": "2020-02-01 00:00:00",
"processed_time": "2024-11-05 19:13:34.675",
"version": "1.4.0",
"product": {
"lang": "en",
"name": "Known Exploited Vulnerabilities Catalog",
"url_string": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"vendor_name": "Cybersecurity & Infrastructure Security Agency",
"version": "5.1"
}
},
"observables": [
{
"name": "osint.vulnerabilities.cve.uid",
"type_id": 18,
"value": "CVE-2020-8515"
}
],
"osint": [
{
"comment": "DrayTek Vigor3900, Vigor2960, and Vigor300B routers contain an unspecified vulnerability that allows for remote code execution.",
"confidence_id": 3,
"value": "CVE-2020-8515",
"type_id": 10,
"name": "CVE_RECORD",
"src_url": "https://cveawg.mitre.org/api/cve/CVE-2020-8515",
"vendor_name": "Mitre",
"uid": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"vulnerabilities": [
{
"desc": "DrayTek Vigor2960 1.3.1_Beta, Vigor3900 1.4.4_Beta, and Vigor300B 1.3.3_Beta, 1.4.2.1_Beta, and 1.4.4_Beta devices allow remote code execution as root (without authentication) via shell metacharacters to the cgi-bin/mainfunction.cgi URI. This issue has been fixed in Vigor3900/2960/300B v1.5.1.",
"first_seen_time": "2020-02-01 12:36:59",
"last_seen_time": "2024-08-04 10:03:46.168",
"vendor_name": "Mitre",
"title": "CVE-2020-8515",
"is_exploit_available": true,
"exploit_last_seen_time": "2024-08-04 10:03:46.168",
"references": [
"https://sku11army.blogspot.com/2020/01/draytek-unauthenticated-rce-in-draytek.html",
"https://nvd.nist.gov/vuln/detail/CVE-2020-8515"
],
"cve": {
"uid": "CVE-2020-8515",
"created_time": "2020-02-01 00:00:00",
"modified_time": "2024-08-04 10:03:46.168",
"references": [
"https://sku11army.blogspot.com/2020/01/draytek-unauthenticated-rce-in-draytek.html",
"https://nvd.nist.gov/vuln/detail/CVE-2020-8515"
],
"cvss": []
},
"cwe": {
"uid": null,
"caption": "n/a",
"src_url": null
},
"affected_packages": [
{
"name": "n/a",
"version": "n/a",
"vendor_name": "Mitre"
}
]
}
]
}
]
},
{
"activity_id": 2,
"category_uid": 5,
"class_uid": 5021,
"severity_id": 1,
"status_id": 1,
"type_uid": 502102,
"start_time": "2019-12-30 00:00:00",
"time": "2024-11-05 19:13:34.675",
"message": "IBM Data Risk Manager Remote Code Execution Vulnerability",
"metadata": {
"uid": "CVE-2020-4428",
"correlation_uid": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"logged_time": "2020-05-07 19:20:19.315106",
"original_time": "2019-12-30 00:00:00",
"processed_time": "2024-11-05 19:13:34.675",
"version": "1.4.0",
"product": {
"lang": "en",
"name": "Known Exploited Vulnerabilities Catalog",
"url_string": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"vendor_name": "Cybersecurity & Infrastructure Security Agency",
"version": "5.1"
}
},
"observables": [
{
"name": "osint.vulnerabilities.cve.uid",
"type_id": 18,
"value": "CVE-2020-4428"
}
],
"osint": [
{
"comment": "IBM Data Risk Manager contains an unspecified vulnerability which could allow a remote, authenticated attacker to execute commands on the system.",
"confidence_id": 3,
"value": "CVE-2020-4428",
"type_id": 10,
"name": "CVE_RECORD",
"src_url": "https://cveawg.mitre.org/api/cve/CVE-2020-4428",
"vendor_name": "Ibm",
"uid": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"vulnerabilities": [
{
"desc": "IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a remote authenticated attacker to execute arbitrary commands on the system. IBM X-Force ID: 180533.",
"first_seen_time": "2020-05-07 19:20:19.315106",
"last_seen_time": "2024-09-17 04:24:36.267",
"vendor_name": "Ibm",
"title": "CVE-2020-4428",
"is_exploit_available": true,
"exploit_last_seen_time": "2024-09-17 04:24:36.267",
"references": [
"https://www.ibm.com/support/pages/node/6206875",
"https://nvd.nist.gov/vuln/detail/CVE-2020-4428"
],
"cve": {
"uid": "CVE-2020-4428",
"created_time": "2019-12-30 00:00:00",
"modified_time": "2024-09-17 04:24:36.267",
"references": [
"https://www.ibm.com/support/pages/node/6206875",
"https://nvd.nist.gov/vuln/detail/CVE-2020-4428"
],
"cvss": []
},
"cwe": {
"uid": null,
"caption": "Gain Access",
"src_url": null
},
"affected_packages": [
{
"name": "Data Risk Manager",
"version": "2.0.1",
"vendor_name": "Ibm"
},
{
"name": "Data Risk Manager",
"version": "2.0.2",
"vendor_name": "Ibm"
},
{
"name": "Data Risk Manager",
"version": "2.0.3",
"vendor_name": "Ibm"
},
{
"name": "Data Risk Manager",
"version": "2.0.4",
"vendor_name": "Ibm"
},
{
"name": "Data Risk Manager",
"version": "2.0.5",
"vendor_name": "Ibm"
},
{
"name": "Data Risk Manager",
"version": "2.0.6",
"vendor_name": "Ibm"
}
]
}
]
}
]
},
{
"activity_id": 2,
"category_uid": 5,
"class_uid": 5021,
"severity_id": 1,
"status_id": 1,
"type_uid": 502102,
"start_time": "2021-01-05 00:00:00",
"time": "2024-11-05 19:13:34.675",
"message": "Micro Focus Operation Bridge Report (OBR) Remote Code Execution Vulnerability",
"metadata": {
"uid": "CVE-2021-22502",
"correlation_uid": "f81092c5-7f14-476d-80dc-24857f90be84",
"logged_time": "2021-02-08 21:12:35",
"original_time": "2021-01-05 00:00:00",
"processed_time": "2024-11-05 19:13:34.675",
"version": "1.4.0",
"product": {
"lang": "en",
"name": "Known Exploited Vulnerabilities Catalog",
"url_string": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"vendor_name": "Cybersecurity & Infrastructure Security Agency",
"version": "5.1"
}
},
"observables": [
{
"name": "osint.vulnerabilities.cve.uid",
"type_id": 18,
"value": "CVE-2021-22502"
}
],
"osint": [
{
"comment": "Micro Focus Operation Bridge Report (OBR) contains an unspecified vulnerability that allows for remote code execution.",
"confidence_id": 3,
"value": "CVE-2021-22502",
"type_id": 10,
"name": "CVE_RECORD",
"src_url": "https://cveawg.mitre.org/api/cve/CVE-2021-22502",
"vendor_name": "Microfocus",
"uid": "f81092c5-7f14-476d-80dc-24857f90be84",
"vulnerabilities": [
{
"desc": "Remote Code execution vulnerability in Micro Focus Operation Bridge Reporter (OBR) product, affecting version 10.40. The vulnerability could be exploited to allow Remote Code Execution on the OBR server.",
"first_seen_time": "2021-02-08 21:12:35",
"last_seen_time": "2024-08-03 18:44:13.632",
"vendor_name": "Microfocus",
"title": "CVE-2021-22502",
"is_exploit_available": true,
"exploit_last_seen_time": "2024-08-03 18:44:13.632",
"references": [
"https://softwaresupport.softwaregrp.com/doc/KM03775947",
"https://nvd.nist.gov/vuln/detail/CVE-2021-22502"
],
"cve": {
"uid": "CVE-2021-22502",
"created_time": "2021-01-05 00:00:00",
"modified_time": "2024-08-03 18:44:13.632",
"references": [
"https://softwaresupport.softwaregrp.com/doc/KM03775947",
"https://nvd.nist.gov/vuln/detail/CVE-2021-22502"
],
"cvss": []
},
"cwe": {
"uid": null,
"caption": "Remote Code execution.",
"src_url": null
},
"affected_packages": [
{
"name": "Operation Bridge Reporter.",
"version": "OBR 10.40",
"vendor_name": "Microfocus"
}
]
}
]
}
]
},
{
"activity_id": 2,
"category_uid": 5,
"class_uid": 5021,
"severity_id": 1,
"status_id": 1,
"type_uid": 502102,
"start_time": "2019-09-05 00:00:00",
"time": "2024-11-05 19:13:34.675",
"message": "Nagios XI Remote Code Execution Vulnerability",
"metadata": {
"uid": "CVE-2019-15949",
"correlation_uid": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"logged_time": "2019-09-05 16:50:38",
"original_time": "2019-09-05 00:00:00",
"processed_time": "2024-11-05 19:13:34.675",
"version": "1.4.0",
"product": {
"lang": "en",
"name": "Known Exploited Vulnerabilities Catalog",
"url_string": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"vendor_name": "Cybersecurity & Infrastructure Security Agency",
"version": "5.1"
}
},
"observables": [
{
"name": "osint.vulnerabilities.cve.uid",
"type_id": 18,
"value": "CVE-2019-15949"
}
],
"osint": [
{
"comment": "Nagios XI contains a remote code execution vulnerability in which a user can modify the check_plugin executable and insert malicious commands to execute as root.",
"confidence_id": 3,
"value": "CVE-2019-15949",
"type_id": 10,
"name": "CVE_RECORD",
"src_url": "https://cveawg.mitre.org/api/cve/CVE-2019-15949",
"vendor_name": "Mitre",
"uid": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"vulnerabilities": [
{
"desc": "Nagios XI before 5.6.6 allows remote command execution as root. The exploit requires access to the server as the nagios user, or access as the admin user via the web interface. The getprofile.sh script, invoked by downloading a system profile (profile.php?cmd=download), is executed as root via a passwordless sudo entry; the script executes check_plugin, which is owned by the nagios user. A user logged into Nagios XI with permissions to modify plugins, or the nagios user on the server, can modify the check_plugin executable and insert malicious commands to execute as root.",
"first_seen_time": "2019-09-05 16:50:38",
"last_seen_time": "2024-08-05 01:03:32.416",
"vendor_name": "Mitre",
"title": "CVE-2019-15949",
"is_exploit_available": true,
"exploit_last_seen_time": "2024-08-05 01:03:32.416",
"references": [
"https://github.com/jakgibb/nagiosxi-root-rce-exploit",
"https://nvd.nist.gov/vuln/detail/CVE-2019-15949"
],
"cve": {
"uid": "CVE-2019-15949",
"created_time": "2019-09-05 00:00:00",
"modified_time": "2024-08-05 01:03:32.416",
"references": [
"https://github.com/jakgibb/nagiosxi-root-rce-exploit",
"https://nvd.nist.gov/vuln/detail/CVE-2019-15949"
],
"cvss": []
},
"cwe": {
"uid": null,
"caption": "n/a",
"src_url": null
},
"affected_packages": [
{
"name": "n/a",
"version": "n/a",
"vendor_name": "Mitre"
}
]
}
]
}
]
},
{
"activity_id": 2,
"category_uid": 5,
"class_uid": 5021,
"severity_id": 1,
"status_id": 1,
"type_uid": 502102,
"start_time": "2019-11-27 00:00:00",
"time": "2024-11-05 19:13:34.675",
"message": "Netis WF2419 Devices Remote Code Execution Vulnerability",
"metadata": {
"uid": "CVE-2019-19356",
"correlation_uid": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"logged_time": "2020-02-07 22:49:07",
"original_time": "2019-11-27 00:00:00",
"processed_time": "2024-11-05 19:13:34.675",
"version": "1.4.0",
"product": {
"lang": "en",
"name": "Known Exploited Vulnerabilities Catalog",
"url_string": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"vendor_name": "Cybersecurity & Infrastructure Security Agency",
"version": "5.1"
}
},
"observables": [
{
"name": "osint.vulnerabilities.cve.uid",
"type_id": 18,
"value": "CVE-2019-19356"
}
],
"osint": [
{
"comment": "Netis WF2419 devices contains an unspecified vulnerability that allows an attacker to perform remote code execution as root through the router's web management page.",
"confidence_id": 3,
"value": "CVE-2019-19356",
"type_id": 10,
"name": "CVE_RECORD",
"src_url": "https://cveawg.mitre.org/api/cve/CVE-2019-19356",
"vendor_name": "Mitre",
"uid": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"vulnerabilities": [
{
"desc": "Netis WF2419 is vulnerable to authenticated Remote Code Execution (RCE) as root through the router Web management page. The vulnerability has been found in firmware version V1.2.31805 and V2.2.36123. After one is connected to this page, it is possible to execute system commands as root through the tracert diagnostic tool because of lack of user input sanitizing.",
"first_seen_time": "2020-02-07 22:49:07",
"last_seen_time": "2024-08-05 02:16:47.049",
"vendor_name": "Mitre",
"title": "CVE-2019-19356",
"is_exploit_available": true,
"exploit_last_seen_time": "2024-08-05 02:16:47.049",
"references": [
"https://www.digital.security/en/blog/netis-routers-remote-code-execution-cve-2019-19356",
"https://nvd.nist.gov/vuln/detail/CVE-2019-19356"
],
"cve": {
"uid": "CVE-2019-19356",
"created_time": "2019-11-27 00:00:00",
"modified_time": "2024-08-05 02:16:47.049",
"references": [
"https://www.digital.security/en/blog/netis-routers-remote-code-execution-cve-2019-19356",
"https://nvd.nist.gov/vuln/detail/CVE-2019-19356"
],
"cvss": []
},
"cwe": {
"uid": null,
"caption": "n/a",
"src_url": null
},
"affected_packages": [
{
"name": "n/a",
"version": "n/a",
"vendor_name": "Mitre"
}
]
}
]
}
]
},
{
"activity_id": 2,
"category_uid": 5,
"class_uid": 5021,
"severity_id": 1,
"status_id": 1,
"type_uid": 502102,
"start_time": "2019-04-25 00:00:00",
"time": "2024-11-05 19:13:34.675",
"message": "Ivanti Pulse Connect Secure and Policy Secure Command Injection Vulnerability",
"metadata": {
"uid": "CVE-2019-11539",
"correlation_uid": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"logged_time": "2019-04-26 01:39:36",
"original_time": "2019-04-25 00:00:00",
"processed_time": "2024-11-05 19:13:34.675",
"version": "1.4.0",
"product": {
"lang": "en",
"name": "Known Exploited Vulnerabilities Catalog",
"url_string": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"vendor_name": "Cybersecurity & Infrastructure Security Agency",
"version": "5.1"
}
},
"observables": [
{
"name": "osint.vulnerabilities.cve.uid",
"type_id": 18,
"value": "CVE-2019-11539"
}
],
"osint": [
{
"comment": "Ivanti Pulse Connect Secure and Policy Secure allows an authenticated attacker from the admin web interface to inject and execute commands.",
"confidence_id": 3,
"value": "CVE-2019-11539",
"type_id": 10,
"name": "CVE_RECORD",
"src_url": "https://cveawg.mitre.org/api/cve/CVE-2019-11539",
"vendor_name": "Mitre",
"uid": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"vulnerabilities": [
{
"desc": "In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, 5.3RX before 5.3R12.1, 5.2RX before 5.2R12.1, and 5.1RX before 5.1R15.1, the admin web interface allows an authenticated attacker to inject and execute commands.",
"first_seen_time": "2019-04-26 01:39:36",
"last_seen_time": "2024-08-04 22:55:40.818",
"vendor_name": "Mitre",
"title": "CVE-2019-11539",
"is_exploit_available": true,
"exploit_last_seen_time": "2024-08-04 22:55:40.818",
"references": [
"https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101",
"https://nvd.nist.gov/vuln/detail/CVE-2019-11539"
],
"cve": {
"uid": "CVE-2019-11539",
"created_time": "2019-04-25 00:00:00",
"modified_time": "2024-08-04 22:55:40.818",
"references": [
"https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101",
"https://nvd.nist.gov/vuln/detail/CVE-2019-11539"
],
"cvss": []
},
"cwe": {
"uid": null,
"caption": "n/a",
"src_url": null
},
"affected_packages": [
{
"name": "n/a",
"version": "n/a",
"vendor_name": "Mitre"
}
]
}
]
}
]
},
{
"activity_id": 2,
"category_uid": 5,
"class_uid": 5021,
"severity_id": 1,
"status_id": 1,
"type_uid": 502102,
"start_time": "2020-03-08 00:00:00",
"time": "2024-11-05 19:13:34.675",
"message": "rConfig OS Command Injection Vulnerability",
"metadata": {
"uid": "CVE-2020-10221",
"correlation_uid": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"logged_time": "2020-03-08 21:03:47",
"original_time": "2020-03-08 00:00:00",
"processed_time": "2024-11-05 19:13:34.675",
"version": "1.4.0",
"product": {
"lang": "en",
"name": "Known Exploited Vulnerabilities Catalog",
"url_string": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"vendor_name": "Cybersecurity & Infrastructure Security Agency",
"version": "5.1"
}
},
"observables": [
{
"name": "osint.vulnerabilities.cve.uid",
"type_id": 18,
"value": "CVE-2020-10221"
}
],
"osint": [
{
"comment": "rConfig lib/ajaxHandlers/ajaxAddTemplate.php contains an OS command injection vulnerability that allows remote attackers to execute OS commands via shell metacharacters in the fileName POST parameter.",
"confidence_id": 3,
"value": "CVE-2020-10221",
"type_id": 10,
"name": "CVE_RECORD",
"src_url": "https://cveawg.mitre.org/api/cve/CVE-2020-10221",
"vendor_name": "Mitre",
"uid": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"vulnerabilities": [
{
"desc": "lib/ajaxHandlers/ajaxAddTemplate.php in rConfig through 3.94 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the fileName POST parameter.",
"first_seen_time": "2020-03-08 21:03:47",
"last_seen_time": "2024-08-04 10:58:39.079",
"vendor_name": "Mitre",
"title": "CVE-2020-10221",
"is_exploit_available": true,
"exploit_last_seen_time": "2024-08-04 10:58:39.079",
"references": [
"https://cwe.mitre.org/data/definitions/78.html",
"https://nvd.nist.gov/vuln/detail/CVE-2020-10221"
],
"cve": {
"uid": "CVE-2020-10221",
"created_time": "2020-03-08 00:00:00",
"modified_time": "2024-08-04 10:58:39.079",
"references": [
"https://cwe.mitre.org/data/definitions/78.html",
"https://nvd.nist.gov/vuln/detail/CVE-2020-10221"
],
"cvss": []
},
"cwe": {
"uid": null,
"caption": "n/a",
"src_url": null
},
"affected_packages": [
{
"name": "n/a",
"version": "n/a",
"vendor_name": "Mitre"
}
]
}
]
}
]
},
{
"activity_id": 2,
"category_uid": 5,
"class_uid": 5021,
"severity_id": 1,
"status_id": 1,
"type_uid": 502102,
"start_time": "2020-08-04 00:00:00",
"time": "2024-11-05 19:13:34.675",
"message": "SaltStack Salt Shell Injection Vulnerability",
"metadata": {
"uid": "CVE-2020-16846",
"correlation_uid": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"logged_time": "2020-11-06 07:27:24",
"original_time": "2020-08-04 00:00:00",
"processed_time": "2024-11-05 19:13:34.675",
"version": "1.4.0",
"product": {
"lang": "en",
"name": "Known Exploited Vulnerabilities Catalog",
"url_string": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"vendor_name": "Cybersecurity & Infrastructure Security Agency",
"version": "5.1"
}
},
"observables": [
{
"name": "osint.vulnerabilities.cve.uid",
"type_id": 18,
"value": "CVE-2020-16846"
}
],
"osint": [
{
"comment": "SaltStack Salt allows an unauthenticated user with network access to the Salt API to use shell injections to run code on the Salt API using the SSH client. This vulnerability affects any users running the Salt API.",
"confidence_id": 3,
"value": "CVE-2020-16846",
"type_id": 10,
"name": "CVE_RECORD",
"src_url": "https://cveawg.mitre.org/api/cve/CVE-2020-16846",
"vendor_name": "Mitre",
"uid": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"vulnerabilities": [
{
"desc": "An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection.",
"first_seen_time": "2020-11-06 07:27:24",
"last_seen_time": "2024-08-04 13:45:33.237",
"vendor_name": "Mitre",
"title": "CVE-2020-16846",
"is_exploit_available": true,
"exploit_last_seen_time": "2024-08-04 13:45:33.237",
"references": [
"https://github.com/saltstack/salt/releases",
"https://nvd.nist.gov/vuln/detail/CVE-2020-16846"
],
"cve": {
"uid": "CVE-2020-16846",
"created_time": "2020-08-04 00:00:00",
"modified_time": "2024-08-04 13:45:33.237",
"references": [
"https://github.com/saltstack/salt/releases",
"https://nvd.nist.gov/vuln/detail/CVE-2020-16846"
],
"cvss": []
},
"cwe": {
"uid": null,
"caption": "n/a",
"src_url": null
},
"affected_packages": [
{
"name": "n/a",
"version": "n/a",
"vendor_name": "Mitre"
}
]
}
]
}
]
},
{
"activity_id": 2,
"category_uid": 5,
"class_uid": 5021,
"severity_id": 1,
"status_id": 1,
"type_uid": 502102,
"start_time": "2020-03-26 00:00:00",
"time": "2024-11-05 19:13:34.675",
"message": "Tenda AC1900 Router AC15 Model Remote Code Execution Vulnerability",
"metadata": {
"uid": "CVE-2020-10987",
"correlation_uid": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"logged_time": "2020-07-13 18:46:12",
"original_time": "2020-03-26 00:00:00",
"processed_time": "2024-11-05 19:13:34.675",
"version": "1.4.0",
"product": {
"lang": "en",
"name": "Known Exploited Vulnerabilities Catalog",
"url_string": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"vendor_name": "Cybersecurity & Infrastructure Security Agency",
"version": "5.1"
}
},
"observables": [
{
"name": "osint.vulnerabilities.cve.uid",
"type_id": 18,
"value": "CVE-2020-10987"
}
],
"osint": [
{
"comment": "Tenda AC1900 Router AC15 Model contains an unspecified vulnerability that allows remote attackers to execute system commands via the deviceName POST parameter.",
"confidence_id": 3,
"value": "CVE-2020-10987",
"type_id": 10,
"name": "CVE_RECORD",
"src_url": "https://cveawg.mitre.org/api/cve/CVE-2020-10987",
"vendor_name": "Mitre",
"uid": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"vulnerabilities": [
{
"desc": "The goform/setUsbUnload endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to execute arbitrary system commands via the deviceName POST parameter.",
"first_seen_time": "2020-07-13 18:46:12",
"last_seen_time": "2024-08-04 11:21:14.161",
"vendor_name": "Mitre",
"title": "CVE-2020-10987",
"is_exploit_available": true,
"exploit_last_seen_time": "2024-08-04 11:21:14.161",
"references": [
"https://www.ise.io/research/",
"https://nvd.nist.gov/vuln/detail/CVE-2020-10987"
],
"cve": {
"uid": "CVE-2020-10987",
"created_time": "2020-03-26 00:00:00",
"modified_time": "2024-08-04 11:21:14.161",
"references": [
"https://www.ise.io/research/",
"https://nvd.nist.gov/vuln/detail/CVE-2020-10987"
],
"cvss": []
},
"cwe": {
"uid": null,
"caption": "n/a",
"src_url": null
},
"affected_packages": [
{
"name": "n/a",
"version": "n/a",
"vendor_name": "Mitre"
}
]
}
]
}
]
},
{
"activity_id": 2,
"category_uid": 5,
"class_uid": 5021,
"severity_id": 1,
"status_id": 1,
"type_uid": 502102,
"start_time": "2018-07-23 00:00:00",
"time": "2024-11-05 19:13:34.675",
"message": "Tenda AC7, AC9, and AC10 Routers Command Injection Vulnerability",
"metadata": {
"uid": "CVE-2018-14558",
"correlation_uid": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"logged_time": "2018-10-30 18:00:00",
"original_time": "2018-07-23 00:00:00",
"processed_time": "2024-11-05 19:13:34.675",
"version": "1.4.0",
"product": {
"lang": "en",
"name": "Known Exploited Vulnerabilities Catalog",
"url_string": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"vendor_name": "Cybersecurity & Infrastructure Security Agency",
"version": "5.1"
}
},
"observables": [
{
"name": "osint.vulnerabilities.cve.uid",
"type_id": 18,
"value": "CVE-2018-14558"
}
],
"osint": [
{
"comment": "Tenda AC7, AC9, and AC10 devices contain a command injection vulnerability due to the \"formsetUsbUnload\" function executes a dosystemCmd function with untrusted input. Successful exploitation allows an attacker to execute OS commands via a crafted goform/setUsbUnload request.",
"confidence_id": 3,
"value": "CVE-2018-14558",
"type_id": 10,
"name": "CVE_RECORD",
"src_url": "https://cveawg.mitre.org/api/cve/CVE-2018-14558",
"vendor_name": "Mitre",
"uid": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"vulnerabilities": [
{
"desc": "An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firmware through V15.03.05.19(6318)_CN(AC9), and AC10 devices with firmware through V15.03.06.23_CN(AC10). A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted goform/setUsbUnload request. This occurs because the \"formsetUsbUnload\" function executes a dosystemCmd function with untrusted input.",
"first_seen_time": "2018-10-30 18:00:00",
"last_seen_time": "2024-08-05 09:29:51.678",
"vendor_name": "Mitre",
"title": "CVE-2018-14558",
"is_exploit_available": true,
"exploit_last_seen_time": "2024-08-05 09:29:51.678",
"references": [
"https://github.com/zsjevilhex/iot/blob/master/route/tenda/tenda-01/Tenda.md",
"https://nvd.nist.gov/vuln/detail/CVE-2018-14558"
],
"cve": {
"uid": "CVE-2018-14558",
"created_time": "2018-07-23 00:00:00",
"modified_time": "2024-08-05 09:29:51.678",
"references": [
"https://github.com/zsjevilhex/iot/blob/master/route/tenda/tenda-01/Tenda.md",
"https://nvd.nist.gov/vuln/detail/CVE-2018-14558"
],
"cvss": []
},
"cwe": {
"uid": null,
"caption": "n/a",
"src_url": null
},
"affected_packages": [
{
"name": "n/a",
"version": "n/a",
"vendor_name": "Mitre"
}
]
}
]
}
]
},
{
"activity_id": 2,
"category_uid": 5,
"class_uid": 5021,
"severity_id": 1,
"status_id": 1,
"type_uid": 502102,
"start_time": "2019-12-30 00:00:00",
"time": "2024-11-05 19:13:34.675",
"message": "Multiple VMware Products Command Injection Vulnerability",
"metadata": {
"uid": "CVE-2020-4006",
"correlation_uid": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"logged_time": "2020-11-23 21:22:40",
"original_time": "2019-12-30 00:00:00",
"processed_time": "2024-11-05 19:13:34.675",
"version": "1.4.0",
"product": {
"lang": "en",
"name": "Known Exploited Vulnerabilities Catalog",
"url_string": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"vendor_name": "Cybersecurity & Infrastructure Security Agency",
"version": "5.1"
}
},
"observables": [
{
"name": "osint.vulnerabilities.cve.uid",
"type_id": 18,
"value": "CVE-2020-4006"
}
],
"osint": [
{
"comment": "VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector contain a command injection vulnerability. An attacker with network access to the administrative configurator on port 8443 and a valid password for the configurator administrator account can execute commands with unrestricted privileges on the underlying operating system.",
"confidence_id": 3,
"value": "CVE-2020-4006",
"type_id": 10,
"name": "CVE_RECORD",
"src_url": "https://cveawg.mitre.org/api/cve/CVE-2020-4006",
"vendor_name": "Vmware",
"uid": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"vulnerabilities": [
{
"desc": "VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector address have a command injection vulnerability.",
"first_seen_time": "2020-11-23 21:22:40",
"last_seen_time": "2024-08-04 07:52:20.426",
"vendor_name": "Vmware",
"title": "CVE-2020-4006",
"is_exploit_available": true,
"exploit_last_seen_time": "2024-08-04 07:52:20.426",
"references": [
"https://www.vmware.com/security/advisories/VMSA-2020-0027.html",
"https://nvd.nist.gov/vuln/detail/CVE-2020-4006"
],
"cve": {
"uid": "CVE-2020-4006",
"created_time": "2019-12-30 00:00:00",
"modified_time": "2024-08-04 07:52:20.426",
"references": [
"https://www.vmware.com/security/advisories/VMSA-2020-0027.html",
"https://nvd.nist.gov/vuln/detail/CVE-2020-4006"
],
"cvss": []
},
"cwe": {
"uid": null,
"caption": "Command Injection",
"src_url": null
},
"affected_packages": [
{
"name": "VMware Workspace One Access (Access), VMware Workspace One Access Connector (Access Connector), VMware Identity Manager (vIDM), VMware Identity Manager Connector (vIDM Connector), VMware Cloud Foundation, vRealize Suite Lifecycle Manager",
"version": "Multiple",
"vendor_name": "Vmware"
}
]
}
]
}
]
},
{
"activity_id": 2,
"category_uid": 5,
"class_uid": 5021,
"severity_id": 1,
"status_id": 1,
"type_uid": 502102,
"start_time": "2021-02-22 00:00:00",
"time": "2024-11-05 19:13:34.675",
"message": "Yealink Device Management Server-Side Request Forgery (SSRF) Vulnerability",
"metadata": {
"uid": "CVE-2021-27561",
"correlation_uid": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"logged_time": "2021-10-15 17:11:45",
"original_time": "2021-02-22 00:00:00",
"processed_time": "2024-11-05 19:13:34.675",
"version": "1.4.0",
"product": {
"lang": "en",
"name": "Known Exploited Vulnerabilities Catalog",
"url_string": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"vendor_name": "Cybersecurity & Infrastructure Security Agency",
"version": "5.1"
}
},
"observables": [
{
"name": "osint.vulnerabilities.cve.uid",
"type_id": 18,
"value": "CVE-2021-27561"
}
],
"osint": [
{
"comment": "Yealink Device Management contains a server-side request forgery (SSRF) vulnerability that allows for unauthenticated remote code execution.",
"confidence_id": 3,
"value": "CVE-2021-27561",
"type_id": 10,
"name": "CVE_RECORD",
"src_url": "https://cveawg.mitre.org/api/cve/CVE-2021-27561",
"vendor_name": "Mitre",
"uid": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"vulnerabilities": [
{
"desc": "Yealink Device Management (DM) 3.6.0.20 allows command injection as root via the /sm/api/v1/firewall/zone/services URI, without authentication.",
"first_seen_time": "2021-10-15 17:11:45",
"last_seen_time": "2024-08-03 21:26:09.742",
"vendor_name": "Mitre",
"title": "CVE-2021-27561",
"is_exploit_available": true,
"exploit_last_seen_time": "2024-08-03 21:26:09.742",
"references": [
"https://ssd-disclosure.com/?p=4688",
"https://nvd.nist.gov/vuln/detail/CVE-2021-27561"
],
"cve": {
"uid": "CVE-2021-27561",
"created_time": "2021-02-22 00:00:00",
"modified_time": "2024-08-03 21:26:09.742",
"references": [
"https://ssd-disclosure.com/?p=4688",
"https://nvd.nist.gov/vuln/detail/CVE-2021-27561"
],
"cvss": []
},
"cwe": {
"uid": null,
"caption": "n/a",
"src_url": null
},
"affected_packages": [
{
"name": "n/a",
"version": "n/a",
"vendor_name": "Mitre"
}
]
}
]
}
]
}
]