{"vulnerability": "cve-2021-3552", "sightings": [{"uuid": "c11a15a6-4447-4266-9890-8aafe243d7de", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-35523", "type": "published-proof-of-concept", "source": "https://t.me/D4RKW0R1D/93", "content": "Red Team Tactics\nLeveraging a 0-day vulnerability in Zoom\ud83d\ude01\nhttps://medium.com/manomano-tech/a-red-team-operation-leveraging-a-zero-day-vulnerability-in-zoom-80f57fb0822e\n\nexploit\nCVE-2021-37152:\nhttps://github.com/lhashashinl/CVE-2021-37152\n// Exploit Accsess network clients by sending packets in wirless TP-LINK and preparing for a mitm attack\n\nThreat Research\n1. CVE-2021-35523:\nLPE in Securepoint SSL VPN Client 2.0.3\nhttps://bogner.sh/2021/06/local-privilege-escalation-in-securepoint-ssl-vpn-client-2-0-30\n2. Detailed overview of tactics, techniques and procedures (TTPs) of the most active REvil partners\nhttps://blog.group-ib.com/revil_raas\n\nWLAN Security\nRealtek WiFi Firmware and a Fully 8051-based Keylogger Using RealWOW Technology\nhttps://8051enthusiast.github.io/2021/07/05/002-wifi_fun.html", "creation_timestamp": "2021-07-06T07:06:05.000000Z"}, {"uuid": "9ea2ed73-9ea9-4613-815b-3dc0184049ef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-35523", "type": "published-proof-of-concept", "source": "https://t.me/D4RKW0R1D/3645", "content": "Red Team Tactics\nLeveraging a 0-day vulnerability in Zoom\ud83d\ude01\nhttps://medium.com/manomano-tech/a-red-team-operation-leveraging-a-zero-day-vulnerability-in-zoom-80f57fb0822e\n\nexploit\nCVE-2021-37152:\nhttps://github.com/lhashashinl/CVE-2021-37152\n// Exploit Accsess network clients by sending packets in wirless TP-LINK and preparing for a mitm attack\n\nThreat Research\n1. 
CVE-2021-35523:\nLPE in Securepoint SSL VPN Client 2.0.3\nhttps://bogner.sh/2021/06/local-privilege-escalation-in-securepoint-ssl-vpn-client-2-0-30\n2. Detailed overview of tactics, techniques and procedures (TTPs) of the most active REvil partners\nhttps://blog.group-ib.com/revil_raas\n\nWLAN Security\nRealtek WiFi Firmware and a Fully 8051-based Keylogger Using RealWOW Technology\nhttps://8051enthusiast.github.io/2021/07/05/002-wifi_fun.html", "creation_timestamp": "2021-07-06T05:06:08.000000Z"}, {"uuid": "c4b7cb70-b565-4d26-8c40-996c7d8ac827", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3552", "type": "seen", "source": "https://t.me/cibsecurity/32958", "content": "\u203c CVE-2021-3552 \u203c\n\nA Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService component of Bitdefender Endpoint Security Tools allows an attacker to proxy requests to the relay server. This issue affects: Bitdefender Endpoint Security Tools versions prior to 6.6.27.390; versions prior to 7.1.2.33. Bitdefender GravityZone 6.24.1-1.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-24T18:27:15.000000Z"}, {"uuid": "3a516cab-b9a0-42b5-a749-4fd34580610c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-35528", "type": "seen", "source": "https://t.me/cibsecurity/32534", "content": "\u203c CVE-2021-35528 \u203c\n\nImproper Access Control vulnerability in the application authentication and authorization of Hitachi Energy Retail Operations, Counterparty Settlement and Billing (CSB) allows an attacker to execute a modified signed Java Applet JAR file. A successful exploitation may lead to data extraction or modification of data inside the application. This issue affects: Hitachi Energy Retail Operations 5.7.3 and prior versions. 
Hitachi Energy Counterparty Settlement and Billing (CSB) 5.7.3 prior versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-17T20:14:43.000000Z"}, {"uuid": "609826d3-6596-4cc6-8d2a-0ee7578f2865", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-35520", "type": "seen", "source": "https://t.me/cibsecurity/26378", "content": "\u203c CVE-2021-35520 \u203c\n\nA Buffer Overflow in Thrift command handlers in IDEMIA Morpho Wave Compact and VisionPass devices before 2.6.2 allows physically proximate authenticated attackers to achieve code execution, denial of services, and information disclosure via serial ports.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-07-22T16:36:26.000000Z"}, {"uuid": "91614027-3b5a-4345-8396-ca414e591ead", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-35521", "type": "seen", "source": "https://t.me/cibsecurity/26375", "content": "\u203c CVE-2021-35521 \u203c\n\nA path traversal in Thrift command handlers in IDEMIA Morpho Wave Compact and VisionPass devices before 2.6.2 allows remote authenticated attackers to achieve denial of services and information disclosure via TCP/IP packets.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-07-22T16:36:23.000000Z"}, {"uuid": "c329362a-640e-4ab1-aeba-e362eb8e5bd4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-35522", "type": "seen", "source": "https://t.me/cibsecurity/26373", "content": "\u203c CVE-2021-35522 \u203c\n\nA Buffer Overflow in Thrift command handlers in IDEMIA Morpho Wave Compact and VisionPass devices before 2.6.2, Sigma devices before 4.9.4, and MA VP 
MD devices before 4.9.7 allows remote attackers to achieve code execution, denial of services, and information disclosure via TCP/IP packets.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-07-22T16:36:21.000000Z"}, {"uuid": "003d48ed-24a2-4a7e-b70a-5636f93ddfc9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-35523", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/3776", "content": "#Threat_Research\n1. CVE-2021-35523:\nLPE in Securepoint SSL VPN Client 2.0.3\nhttps://bogner.sh/2021/06/local-privilege-escalation-in-securepoint-ssl-vpn-client-2-0-30\n2. Detailed overview of tactics, techniques and procedures (TTPs) of the most active REvil partners\nhttps://blog.group-ib.com/revil_raas", "creation_timestamp": "2021-07-06T12:18:40.000000Z"}, {"uuid": "95d464f6-3e8c-47fa-9ab1-1a3611c36abe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-35529", "type": "seen", "source": "https://t.me/cibsecurity/27650", "content": "\u203c CVE-2021-35529 \u203c\n\nInsufficiently Protected Credentials vulnerability in client environment of Hitachi ABB Power Grids Retail Operations and Counterparty Settlement Billing (CSB) allows an attacker or unauthorized user to access database credentials, shut down the product and access or alter. This issue affects: Hitachi ABB Power Grids Retail Operations version 5.7.2 and prior versions. 
Hitachi ABB Power Grids Counterparty Settlement Billing (CSB) version 5.7.2 and prior versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-20T22:23:31.000000Z"}, {"uuid": "4ed33ae2-d93a-4592-b8d6-da21fd4bacfb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-35526", "type": "seen", "source": "https://t.me/cibsecurity/28519", "content": "\u203c CVE-2021-35526 \u203c\n\nBackup file without encryption vulnerability is found in Hitachi ABB Power Grids System Data Manager \u2013 SDM600 allows attacker to gain access to sensitive information. This issue affects: Hitachi ABB Power Grids System Data Manager \u2013 SDM600 1.2 versions prior to FP2 HF6 (Build Nr. 1.2.14002.257).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-08T20:45:58.000000Z"}]}