​*WARNING: Extremely Heavy Human Momentum behind Multiple RCE’s Targeting vCenter (CVE-2021-21972)* Sensors are seeing convergence between CVE-2021-21972 exploit signals and pillar signals (signals that consistently show strong human momentum), indicating massive human interest in these publicly available exploits.  
 
“A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server.”
 
Exploit 1: QmF0c3UK/CVE-2021-21972-vCenter-6.5-7.0-RCE-POC (github.com)
 
Exploit 2: NS-Sp4ce/CVE-2021-21972: CVE-2021-21972 (github.com)
 
#cyberthreatintelligence #infosec #cybersecurity #informationsecurity #threatintelligence #networksecurity #sec #security #tools #offensivesecurity #pentesting #redteam #blueteam 

Sensors have just ingested a publicly available exploit targeting the Windows installer (msiexec.exe), granting SYSTEM level privileges. We have not tested this exploit yet but plan to in the coming days.
 
EoP Exploit: klinix5/CVE-2021-1727 (github.com)
 
Microsoft Guidance: CVE-2021-1727 - Security Update Guide - Microsoft - Windows Installer Elevation of Privilege Vulnerability
 
#cyberthreatintelligence #infosec #cybersecurity #informationsecurity #threatintelligence #networksecurity #sec #security #tools #offensivesecurity #pentesting #redteam #blueteam 

Sensors are reading heavy human momentum behind a code repository that has paired together exploits targeting Linux local privilege escalation through heap overflow in sudo (CVE-2021-3156) and an out of bounds write in V8. Chrome versions <= 83.0.4103.97 (CVE-2020-6507). We have not had time to look into this pairing but the amount of momentum behind this repo suggests elevated human interest in this repository.
 
Repo: r4j0x00/exploits (github.com)
 
#cyberthreatintelligence #infosec #cybersecurity #informationsecurity #threatintelligence #networksecurity #sec #security #tools #offensivesecurity #pentesting #redteam #blueteam