{"vulnerability": "CVE-2023-33246", "sightings": [{"uuid": "18bd96cd-d59a-479f-bc5d-981d275f4465", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-33246", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/3403", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-33246\n\ud83d\udd25 CVSS Score: 9.8 (CVSS_V3)\n\ud83d\udd39 Description: For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution.\u00a0\n\nSeveral components of RocketMQ, including NameServer, Broker, and Controller, are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by using the update configuration function to execute commands as the system users that RocketMQ is running as. Additionally, an attacker can achieve the same effect by forging the RocketMQ protocol content.\u00a0\n\nTo prevent these attacks, users are recommended to upgrade to version 5.1.1 or above\u00a0for using RocketMQ 5.x\u00a0or 4.9.6 or above for using RocketMQ 4.x .\n\ud83d\udccf Published: 2023-07-06T21:15:04Z\n\ud83d\udccf Modified: 2025-01-29T22:00:17Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2023-33246\n2. https://github.com/apache/rocketmq/commit/9d411cf04a695e7a3f41036e8377b0aa544d754d\n3. https://github.com/apache/rocketmq/commit/c3ada731405c5990c36bf58d50b3e61965300703\n4. https://github.com/Malayke/CVE-2023-33246_RocketMQ_RCE_EXPLOIT\n5. https://github.com/apache/rocketmq\n6. https://github.com/jakabakos/CVE-2023-33246_Apache_RocketMQ_RCE\n7. https://lists.apache.org/thread/1s8j2c8kogthtpv3060yddk03zq0pxyp\n8. https://www.vicarius.io/vsociety/posts/rocketmq-rce-cve-2023-33246-33247\n9. http://packetstormsecurity.com/files/173339/Apache-RocketMQ-5.1.0-Arbitrary-Code-Injection.html\n10. 
http://www.openwall.com/lists/oss-security/2023/07/12/1", "creation_timestamp": "2025-01-29T22:10:53.000000Z"}, {"uuid": "c64ca8f3-80a4-42d6-8515-f0f99f4a4cd2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-33246", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/4333", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-37582\n\ud83d\udd25 CVSS Score: 9.8 (CVSS_V3)\n\ud83d\udd39 Description: The RocketMQ NameServer component still has a remote command execution vulnerability as the CVE-2023-33246 issue was not completely fixed in version 5.1.1. \n\nWhen NameServer address are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by using the update configuration function on the NameServer component to execute commands as the system users that RocketMQ is running as. \n\nIt is recommended for users to upgrade their NameServer version to 5.1.2 or above for RocketMQ 5.x or 4.9.7 or above for RocketMQ 4.x to prevent these attacks.\n\ud83d\udccf Published: 2023-07-12T12:31:36Z\n\ud83d\udccf Modified: 2025-02-13T19:00:52Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2023-37582\n2. https://github.com/apache/rocketmq\n3. https://lists.apache.org/thread/m614czxtpvlztd7mfgcs2xcsg36rdbnc\n4. 
http://www.openwall.com/lists/oss-security/2023/07/12/1", "creation_timestamp": "2025-02-13T19:21:34.000000Z"}, {"uuid": "de8593ec-f704-45e6-b105-69b1325a8469", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-33246", "type": "exploited", "source": "https://t.me/BleepingComputer/19173", "content": "\u200aHackers target Apache RocketMQ servers vulnerable to RCE attacks\n\nSecurity researchers are detecting hundreds of IP addresses on a daily basis that scan\u00a0or attempt to exploit Apache RocketMQ services vulnerable to a remote command execution flaw identified as\u00a0CVE-2023-33246 and\u00a0CVE-2023-37582. [...]\n\nhttps://www.bleepingcomputer.com/news/security/hackers-target-apache-rocketmq-servers-vulnerable-to-rce-attacks/", "creation_timestamp": "2024-01-05T18:42:26.000000Z"}, {"uuid": "387e727d-3a95-4b85-b38c-72457056c2ab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-33246", "type": "published-proof-of-concept", "source": "https://t.me/purple_medved/65", "content": "\u0421\u0435\u0433\u043e\u0434\u043d\u044f \u043f\u043e\u0433\u043e\u0432\u043e\u0440\u0438\u043c \u043e\u0431 \u043e\u0447\u0435\u0440\u0435\u0434\u043d\u043e\u0439 RCE \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432\u044b\u0441\u043e\u043a\u043e\u0433\u043e \u0443\u0440\u043e\u0432\u043d\u044f \u043a\u0440\u0438\u0442\u0438\u0447\u043d\u043e\u0441\u0442\u0438 CVE-2023-37582 \u0432 \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u043d\u043e\u043c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0435 NameServer \u0432 \u0441\u043e\u0441\u0442\u0430\u0432\u0435 Apache RocketMQ.\n\nApache RocketMQ - \u044d\u0442\u043e \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u044f 
\u0440\u0430\u0441\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b \u0434\u043b\u044f \u043e\u0431\u043c\u0435\u043d\u0430 \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u044f\u043c\u0438 \u0438 \u043f\u043e\u0442\u043e\u043a\u043e\u0432\u044b\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u043c\u0438 \u043e\u0442 Alibaba \u0441 \u043e\u0442\u043a\u0440\u044b\u0442\u044b\u043c \u0438\u0441\u0445\u043e\u0434\u043d\u044b\u043c \u043a\u043e\u0434\u043e\u043c, \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0438\u0432\u0430\u044e\u0449\u0430\u044f \u0447\u0440\u0435\u0437\u0432\u044b\u0447\u0430\u0439\u043d\u043e \u043d\u0438\u0437\u043a\u0443\u044e \u0437\u0430\u0434\u0435\u0440\u0436\u043a\u0443, \u0432\u044b\u0441\u043e\u043a\u0443\u044e \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0441\u0442\u044c \u0438 \u0431\u043e\u043b\u044c\u0448\u0443\u044e \u0435\u043c\u043a\u043e\u0441\u0442\u044c \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u0439.\n\n\u041f\u043e \u0441\u0443\u0442\u0438 \u043e\u0447\u0435\u0440\u0435\u0434\u043d\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432\u043e\u0437\u043d\u0438\u043a\u0430\u0435\u0442, \u043a\u0430\u043a \u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u0435 \u043e\u0431\u0445\u043e\u0434\u0430 \u043f\u0430\u0442\u0447\u0430 \u0434\u043b\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 CVE-2023-33246 \u0432 \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 NameServer, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u043b\u0430 \u0437\u0430\u043f\u0438\u0441\u0430\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u0444\u0430\u0439\u043b, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f 
\u0444\u0443\u043d\u043a\u0446\u0438\u043e\u043d\u0430\u043b\u044c\u043d\u043e\u0441\u0442\u044c \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438 \u043d\u0430 \u043f\u043e\u0440\u0442\u0443 tcp/9876 \u0434\u043b\u044f \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 Broker.\n\nPOC \u043d\u0438\u0436\u0435 \u043f\u0440\u043e\u0441\u0442\u043e \u0441\u043e\u0445\u0440\u0430\u043d\u044f\u0435\u0442 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u0444\u0430\u0439\u043b\u0438\u043a \u0432 \u0434\u0438\u0440\u0435\u043a\u0442\u043e\u0440\u0438\u044e \u0434\u043b\u044f \u043d\u0430\u0433\u043b\u044f\u0434\u043d\u043e\u0439 \u0434\u0435\u043c\u043e\u043d\u0441\u0442\u0440\u0430\u0446\u0438\u0438: \nbody = 'configStorePath=/tmp/pwned\\nproductEnvName=test/path\\\\ntest\\\\ntest'.encode('utf-8') \n\u0414\u043b\u044f \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u044f \u0431\u043e\u0435\u0432\u043e\u0433\u043e RCE \u043c\u043e\u0436\u043d\u043e \u0438\u0437\u043c\u0435\u043d\u0438\u0442\u044c payload \u0438 \u043d\u0430\u043f\u0440\u0438\u043c\u0435\u0440 \u0437\u0430\u043b\u0438\u0442\u044c \u043f\u0440\u0438\u0432\u0430\u0442\u043d\u044b\u0439 ssh-\u043a\u043b\u044e\u0447 \u0434\u043b\u044f \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f \u043e\u0442 \u043a\u043e\u0442\u043e\u0440\u043e\u0433\u043e \u0437\u0430\u043f\u0443\u0449\u0435\u043d RocketMQ \u0432 \u0441\u043e\u043e\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0443\u044e\u0449\u0443\u044e \u0434\u0438\u0440\u0435\u043a\u0442\u043e\u0440\u0438\u044e \u043d\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u0435.\n\n\ud83e\udeb2\u0423\u044f\u0437\u0432\u0438\u043c\u044b\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 \u041f\u041e: Apache RocketMQ \u0434\u043e 4.9.6, 5.0.0-5.1.1\n\u2699\ufe0fPOC: https://github.com/Malayke/CVE-2023-37582_EXPLOIT\n\u2705 
\u0420\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438: \u041f\u0430\u0442\u0447 \u0443\u0436\u0435 \u0434\u043e\u0441\u0442\u0443\u043f\u0435\u043d, \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c\u0441\u044f \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 5.1.11\n\n#CVE-2023-37582 #RCE #RocketMQ", "creation_timestamp": "2023-07-18T09:39:03.000000Z"}, {"uuid": "4ebea9ca-d5a1-45e0-8bef-5d6970048fe0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-33246", "type": "seen", "source": "https://t.me/kasperskyb2b/858", "content": "\u23e9 \u0418\u043d\u0442\u0435\u0440\u0435\u0441\u043d\u044b\u0435 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u044f APT \u0438 \u0418\u0411-\u043d\u043e\u0432\u043e\u0441\u0442\u0438 \u0437\u0430 \u043d\u0435\u0434\u0435\u043b\u044e\n\n\u2755 \u041e\u0431\u0449\u0438\u0439 \u043e\u0431\u0437\u043e\u0440 \u0438 \u0441\u0442\u0430\u0442\u0438\u0441\u0442\u0438\u043a\u0430 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0443\u0433\u0440\u043e\u0437 \u0432\u043e II \u043a\u0432\u0430\u0440\u0442\u0430\u043b\u0435 2023 \u0433 \u043e\u0442 \u0430\u043d\u0430\u043b\u0438\u0442\u0438\u043a\u043e\u0432 \u00ab\u041b\u0430\u0431\u043e\u0440\u0430\u0442\u043e\u0440\u0438\u0438 \u041a\u0430\u0441\u043f\u0435\u0440\u0441\u043a\u043e\u0433\u043e\u00bb:\n\u0426\u0435\u043b\u0435\u0432\u044b\u0435 \u0430\u0442\u0430\u043a\u0438 \u0438 \u0432\u0430\u0436\u043d\u044b\u0435 \u0441\u043e\u0431\u044b\u0442\u0438\u044f,  \n\u043f\u0440\u0438\u043c\u0435\u0447\u0430\u0442\u0435\u043b\u044c\u043d\u044b\u0435 \u0443\u0433\u0440\u043e\u0437\u044b \u0438 \u0441\u0442\u0430\u0442\u0438\u0441\u0442\u0438\u043a\u0430 \u0434\u043b\u044f \u041f\u041a, \n\u0438\u043d\u0442\u0435\u0440\u0435\u0441\u043d\u044b\u0435 
\u043c\u043e\u0431\u0438\u043b\u044c\u043d\u044b\u0435 \u0443\u0433\u0440\u043e\u0437\u044b.  \n\u0421\u0440\u0435\u0434\u0438 \u043f\u0440\u0438\u043c\u0435\u0447\u0430\u0442\u0435\u043b\u044c\u043d\u044b\u0445 APT \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0432\u044b\u0434\u0435\u043b\u044f\u044e\u0442 \u0430\u0442\u0430\u043a\u0443 \u043d\u0430 \u0446\u0435\u043f\u043e\u0447\u043a\u0443 \u043f\u043e\u0441\u0442\u0430\u0432\u043e\u043a 3CX \u0441 \u043f\u0440\u0438\u043c\u0435\u043d\u0435\u043d\u0438\u0435\u043c \u0412\u041f\u041e GoPuram, \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u044e \u0422\u0440\u0438\u0430\u043d\u0433\u0443\u043b\u044f\u0446\u0438\u044f \u043a\u0430\u043c\u043f\u0430\u043d\u0438\u044e Lazarus DeathNote, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0433\u0440\u0443\u043f\u043f\u0438\u0440\u043e\u0432\u043a\u0438 CloudWizard, \u0438 GoldenJackal.\n\u041c\u0435\u043d\u0435\u0435 \u043f\u0440\u0438\u043c\u0435\u0447\u0430\u0442\u0435\u043b\u044c\u043d\u043e, \u043d\u043e \u043a\u0440\u0430\u0439\u043d\u0435 \u043d\u0435\u043f\u0440\u0438\u044f\u0442\u043d\u043e, \u0447\u0442\u043e \u0448\u0438\u0444\u0440\u043e\u0432\u0430\u043b\u044c\u0449\u0438\u043a\u0438 \u0438 \u0432\u044b\u043c\u043e\u0433\u0430\u0442\u0435\u043b\u0438 \u043f\u0440\u043e\u0434\u043e\u043b\u0436\u0430\u044e\u0442 \u043f\u0440\u043e\u0446\u0432\u0435\u0442\u0430\u0442\u044c: \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0438 15 \u043d\u043e\u0432\u044b\u0445 \u0441\u0435\u043c\u0435\u0439\u0441\u0442\u0432 \u0438 1917 \u0441\u0432\u0435\u0436\u0438\u0445 \u043c\u043e\u0434\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0439.\n\n\ud83c\udf10 \u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 RocketMQ (CVE-2023-33246, CVSS 9.8) \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442\u0441\u044f \u0434\u043b\u044f \u0440\u0430\u0437\u0432\u043e\u0440\u0430\u0447\u0438\u0432\u0430\u043d\u0438\u044f 
\u0431\u043e\u0442\u043d\u0435\u0442\u0430 Dreambus \u0438  \u043c\u0430\u0439\u043d\u0438\u043d\u0433\u0430 Monero. \u0412\u041f\u041e \u0442\u0449\u0430\u0442\u0435\u043b\u044c\u043d\u043e \u043e\u0431\u0444\u0443\u0441\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043e \u0438 \u043e\u0441\u043d\u0430\u0449\u0435\u043d\u043e \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u0430\u043c\u0438 \u0434\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0433\u043e \u0437\u0430\u0440\u0430\u0436\u0435\u043d\u0438\u044f \u0432 \u0430\u0442\u0430\u043a\u043e\u0432\u0430\u043d\u043d\u043e\u0439 \u0441\u0435\u0442\u0438 \u2014 \u0434\u043b\u044f \u044d\u0442\u043e\u0433\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442\u0441\u044f \u0441\u043a\u0440\u0438\u043f\u0442\u044b \u0438 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u0435 \u043d\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u0435 \u0436\u0435\u0440\u0442\u0432\u044b \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u044b, \u0432 \u0447\u0430\u0441\u0442\u043d\u043e\u0441\u0442\u0438  ansible, knife, salt \u0438  pssh.\n\n\ud83c\udf10 \u041d\u043e\u0432\u0430\u044f APT Earth Estries, \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e \u043f\u0435\u0440\u0435\u0441\u0435\u043a\u0430\u044e\u0449\u0430\u044f\u0441\u044f \u0441 FamousSparrow, \u0430\u0442\u0430\u043a\u0443\u0435\u0442 \u043f\u0440\u0430\u0432\u0438\u0442\u0435\u043b\u044c\u0441\u0442\u0432\u0435\u043d\u043d\u044b\u0435 \u0438 \u0442\u0435\u0445\u043d\u043e\u043b\u043e\u0433\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0438 \u0432 \u042e\u0433\u043e-\u0412\u043e\u0441\u0442\u043e\u0447\u043d\u043e\u0439 \u0410\u0437\u0438\u0438, \u042e\u0410\u0420, \u0413\u0435\u0440\u043c\u0430\u043d\u0438\u0438 \u0438 \u0421\u0428\u0410. 
\u041e\u0441\u043d\u043e\u0432\u043d\u043e\u0439 \u0446\u0435\u043b\u044c\u044e \u0433\u0440\u0443\u043f\u043f\u044b \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u0448\u043f\u0438\u043e\u043d\u0430\u0436, \u0430 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442 \u0448\u0438\u0440\u043e\u043a\u0438\u0439 \u0441\u043f\u0435\u043a\u0442\u0440 \u043c\u0430\u043b\u043e\u0437\u0430\u043c\u0435\u0442\u043d\u044b\u0445 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u043e\u0432, \u0432 \u0442\u043e\u043c \u0447\u0438\u0441\u043b\u0435 Cobalt Strike, Powershell \u0441 \u043f\u0440\u0438\u043d\u0443\u0434\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u043c \u043f\u043e\u043d\u0438\u0436\u0435\u043d\u0438\u0435\u043c \u0432\u0435\u0440\u0441\u0438\u0438, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0444\u0438\u0440\u043c\u0435\u043d\u043d\u044b\u0435 \u0431\u044d\u043a\u0434\u043e\u0440\u044b Zingdoor, TrillClient \u0438 HemiGate. \u0427\u0442\u043e\u0431\u044b \u0441\u043d\u0438\u0437\u0438\u0442\u044c \u0432\u0435\u0440\u043e\u044f\u0442\u043d\u043e\u0441\u0442\u044c \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u044f, \u043f\u043e\u0441\u043b\u0435 \u043e\u0447\u0435\u0440\u0435\u0434\u043d\u043e\u0433\u043e \u044d\u0442\u0430\u043f\u0430 \u0437\u0430\u0440\u0430\u0436\u0435\u043d\u0438\u044f \u0432\u0441\u0435 \u043f\u0440\u0435\u0434\u044b\u0434\u0443\u0449\u0438\u0435 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u044b \u0443\u0434\u0430\u043b\u044f\u044e\u0442\u0441\u044f, \u0430 \u043b\u043e\u0433\u0438 \u0447\u0438\u0441\u0442\u044f\u0442\u0441\u044f. 
\u041d\u0430\u0447\u0430\u043b\u044c\u043d\u043e\u0435 \u043f\u0440\u043e\u043d\u0438\u043a\u043d\u043e\u0432\u0435\u043d\u0438\u0435, \u043a\u0430\u043a \u043f\u0440\u0435\u0434\u043f\u043e\u043b\u0430\u0433\u0430\u044e\u0442 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438, \u043f\u0440\u043e\u0438\u0441\u0445\u043e\u0434\u0438\u0442 \u0447\u0435\u0440\u0435\u0437 \u0441\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u0430\u043a\u043a\u0430\u0443\u043d\u0442\u044b \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u043e\u0432 \ud83d\ude2e.  \n\n\ud83d\udcac \u041f\u043e\u0434\u0440\u043e\u0431\u043d\u044b\u0439 \u0430\u043d\u0430\u043b\u0438\u0437 \u043d\u0430\u0433\u0440\u0443\u0437\u043e\u043a Brute Ratel C4, \u0432\u0441\u0451 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u043e\u0433\u043e \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u0430, \u043a\u043e\u043d\u043a\u0443\u0440\u0438\u0440\u0443\u044e\u0449\u0435\u0433\u043e \u0441 Cobalt Strike.\n\n\ud83d\udc6e\u200d\u2640\ufe0f \u041f\u0440\u0430\u0432\u043e\u043e\u0445\u0440\u0430\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0435 \u043e\u0440\u0433\u0430\u043d\u044b \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u0438\u0445 \u0441\u0442\u0440\u0430\u043d \u043f\u0440\u043e\u0432\u0435\u043b\u0438 \u0441\u043a\u043e\u043e\u0440\u0434\u0438\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u0443\u044e \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u044e \u043f\u043e \u043e\u0442\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u044e \u0431\u043e\u0442\u043d\u0435\u0442\u0430 Qbot/Qakbot. 
\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u044f \u0432 \u0440\u0430\u0437\u043d\u044b\u0445 \u0444\u043e\u0440\u043c\u0430\u0445 \u0430\u0436 \u0441 2007 \u0433\u043e\u0434\u0430, \u044d\u0442\u0430 \u0437\u0430\u0440\u0430\u0437\u0430 \u043f\u0440\u043e\u0448\u043b\u0430 \u043f\u0443\u0442\u044c \u043e\u0442 \u0431\u0430\u043d\u043a\u0435\u0440\u0430 \u0434\u043e \u043c\u043d\u043e\u0433\u043e\u0446\u0435\u043b\u0435\u0432\u043e\u0433\u043e \u0442\u0440\u043e\u044f\u043d\u0430, \u0432 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0435 \u0432\u0440\u0435\u043c\u044f \u0447\u0430\u0441\u0442\u043e \u043f\u0440\u0438\u043c\u0435\u043d\u044f\u0435\u043c\u043e\u0433\u043e \u0434\u043b\u044f \u0440\u0430\u0437\u0432\u043e\u0440\u0430\u0447\u0438\u0432\u0430\u043d\u0438\u044f \u0434\u0430\u043b\u044c\u043d\u0435\u0439\u0448\u0438\u0445 \u0430\u0442\u0430\u043a ransomware. Qbot \u0443\u0434\u0430\u043b\u0438\u043b\u0438 \u0441 700 000 \u043a\u043e\u043c\u043f\u044c\u044e\u0442\u0435\u0440\u043e\u0432 \ud83d\ude31\n\u041e\u0442\u0434\u0435\u043b\u044c\u043d\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0435\u043d \u0442\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0430\u043d\u0430\u043b\u0438\u0437 \u043f\u0440\u0438\u043c\u0435\u043d\u0451\u043d\u043d\u043e\u0433\u043e \u0434\u0435\u0438\u043d\u0441\u0442\u0430\u043b\u043b\u044f\u0442\u043e\u0440\u0430 \ud83d\ude0a\n\n\u0420\u0430\u0437\u0431\u043e\u0440 open source \u0438\u043d\u0444\u043e\u0441\u0442\u0438\u043b\u0435\u0440\u0430 Sapphire stealer, \u0441 \u0434\u0435\u043a\u0430\u0431\u0440\u044f \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u043e\u0433\u043e \u043c\u043d\u043e\u0433\u0438\u043c\u0438 \u043a\u0438\u0431\u0435\u0440\u043f\u0440\u0435\u0441\u0442\u0443\u043f\u043d\u0438\u043a\u0430\u043c\u0438 \u043a\u0430\u043a \u0432 \u043d\u0435\u0438\u0437\u043c\u0435\u043d\u043d\u043e\u043c \u0432\u0438\u0434\u0435, \u0442\u0430\u043a \u0438 \u0441 
\u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0435\u043d\u043d\u044b\u043c\u0438 \u0434\u043e\u0440\u0430\u0431\u043e\u0442\u043a\u0430\u043c\u0438. \u0418\u0437\u043d\u0430\u0447\u0430\u043b\u044c\u043d\u0430\u044f \u0432\u0435\u0440\u0441\u0438\u044f \u043e\u0442\u043f\u0440\u0430\u0432\u043b\u044f\u0435\u0442 \u0441\u043e\u0431\u0440\u0430\u043d\u043d\u0443\u044e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e \u043f\u043e SMTP, \u0430 \u043c\u043e\u0434\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u043e\u0431\u0443\u0447\u0438\u043b\u0438\u0441\u044c \u044d\u043a\u0441\u0444\u0438\u043b\u044c\u0442\u0440\u0430\u0446\u0438\u0438 \u0447\u0435\u0440\u0435\u0437 Discord \u0438 Telegram.\n\n\ud83d\ude80 \u0412 Google Play \u043f\u043e\u044f\u0432\u0438\u043b\u0438\u0441\u044c \u0442\u0440\u043e\u044f\u043d\u0438\u0437\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u043f\u043e\u0434\u0434\u0435\u043b\u043a\u0438 \u043f\u043e\u0434 Signal \u0438 Telegram.  \u041f\u043e\u0434 \u043a\u0430\u043f\u043e\u0442\u043e\u043c \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0439 Signal Plus \u0438 Flygram \u043d\u0430\u0445\u043e\u0434\u0438\u0442\u0441\u044f \u0412\u041f\u041e BadBazaar, \u0441\u0440\u0435\u0434\u0438 \u0436\u0435\u0440\u0442\u0432 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0438\u0437 \u0415\u0432\u0440\u043e\u043f\u044b, \u0421\u0428\u0410 \u0438 \u0413\u043e\u043d\u043a\u043e\u043d\u0433\u0430.\n\n\u23e9 \u041a\u0430\u043a \u0438 \u043f\u0440\u0435\u0434\u043f\u043e\u043b\u0430\u0433\u0430\u043b\u043e\u0441\u044c, 4 \u0443\u044f\u0432\u0437\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 Junos \u0441\u0442\u0430\u043b\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c\u0441\u044f \u0434\u043b\u044f \u0430\u0442\u0430\u043a \u043d\u0430 \u0436\u0435\u043b\u0435\u0437\u043a\u0438 Juniper \u043f\u0440\u044f\u043c\u043e \u0432 \u0434\u0435\u043d\u044c 
\u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438 PoC.\n\n#\u0434\u0430\u0439\u0434\u0436\u0435\u0441\u0442 #APT @\u041f2\u0422", "creation_timestamp": "2023-09-04T08:59:36.000000Z"}, {"uuid": "fee2e117-dad3-4e12-86e1-16fc6ea7c9f6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-33246", "type": "seen", "source": "https://t.me/arpsyndicate/704", "content": "#ExploitObserverAlert\n\nCVE-2023-33246\n\nDESCRIPTION: Exploit Observer has 39 entries related to CVE-2023-33246. For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution.\u00a0  Several components of RocketMQ, including NameServer, Broker, and Controller, are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by using the update configuration function to execute commands as the system users that RocketMQ is running as. Additionally, an attacker can achieve the same effect by forging the RocketMQ protocol content.\u00a0  To prevent these attacks, users are recommended to upgrade to version 5.1.1 or above\u00a0for using RocketMQ 5.x\u00a0or 4.9.6 or above for using RocketMQ 4.x .\n\nFIRST-EPSS: 0.970860000\nNVD-IS: 5.9\nNVD-ES: 3.9", "creation_timestamp": "2023-11-29T08:54:41.000000Z"}, {"uuid": "cb1883b9-4fee-437c-bb43-b9a6b71d18ee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-33246", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/3076", "content": "Tools - Hackers Factory \n\nCVE-2023-33733\n\nThis write-up details how an RCE in Reportlab - was found and exploited. 
Due to the prevalence of Reportlab in HTML to PDF processing, this vulnerability may be reachable in many applications that process PDF files, making this an important one to patch and look out for.\n\nhttps://github.com/c53elyas/CVE-2023-33733\n\n#cve #cybersecurity #infosec\n\nLoki\n\nA Little Web Honeypot.\n\nhttps://github.com/TheKingOfDuck/Loki\n\n#cybersecurity #infosec\n\nPyrai - Mirai python variant\n\nThis is a working variant of the Mirai IOT botnet, this is fully written in Python3. In this paper I'm going to show you how to configure each script in order to setup your PyRai.\n\nhttps://github.com/readloud/PyRai\n\n#cybersecurity #infosec #redteam\n\nCVE-2023-33781\n\nD-Link DIR-842V2 v1.0.3 was discovered to allow a user to run an arbitrary binary when connecting to telnet. This vulnerability can be triggered using backup/restore functionality.\n\nhttps://github.com/s0tr/CVE-2023-33781\n\n#cve #cybersecurity #infosec\n\nCVE-2023-33782\n\nD-Link DIR-842V2 v1.0.3 was discovered to contain a command injection vulnerability in the iperf3 diagnostics functionality.\n\nhttps://github.com/s0tr/CVE-2023-33782\n\n#cve #cybersecurity #infosec\n\nHackBrowserData \n\nCommand-line tool for decrypting and exporting browser data ( passwords, history, cookies, bookmarks, credit cards, download records, localStorage and extension ) from the browser. 
It supports the most popular browsers on the market and runs on Windows, macOS and Linux.\n\nhttps://github.com/moonD4rk/HackBrowserData\n\n#infosec #pentesting #redteam\n\nVMClarity \n\nOpen source tool for agentless detection and management of Virtual Machine Software Bill Of Materials (SBOM) and security threats such as vulnerabilities, exploits, malware, rootkits, misconfigurations and leaked secrets.\n\nhttps://github.com/openclarity/vmclarity\n\n#cybersecurity #infosec #pentesting\n\nCVE-2023-33246 \n\nRocketMQ Remote Code Execution #Exploit.\n\nhttps://github.com/Malayke/CVE-2023-33246_RocketMQ_RCE_EXPLOIT\n\n#cve #cybersecurity #infosec\n\n2023-33381\n\nOS command injection on MitraStar GPT-2741GNAC.\n\nhttps://github.com/duality084/CVE-2023-33381-MitraStar-GPT-2741GNAC\n\n#cve #cybersecurity #infosec\n\nEyeballer\n\nEyeballer is meant for large-scope network penetration tests where you need to find \"interesting\" targets from a huge set of web-based hosts. Go ahead and use your favorite screenshotting tool like normal (EyeWitness or GoWitness) and then run them through Eyeballer to tell you what's likely to contain vulnerabilities, and what isn't.\n\nhttps://github.com/BishopFox/eyeballer\n\n#cybersecurity #infosec #pentesting\n\nMultichain Auditor\n\nObservations and tips for auditing protocols on multiple chains \ud83e\uddd0\n\nhttps://github.com/0xJuancito/multichain-auditor\n\n#cybersecurity #infosec\n\nCoraza - Web Application Firewall\n\nCoraza is an open source, enterprise-grade, high performance Web Application Firewall (WAF) ready to protect your beloved applications. 
It written in Go, supports ModSecurity SecLang rulesets and is 100% compatible with the OWASP Core Rule Set.\n\nhttps://github.com/corazawaf/coraza\n\n#cybersecurity #infosec\n\nCVE-2020-35489\n\nCVE-2020-35489 Vulnerability Scanner in #Wordpress Websites.\n\nhttps://github.com/reneoliveirajr/wp_CVE-2020-35489_checker\n\n#cybersecurity #infosec\n\nRegStrike\n\nA .reg payload generator.\n\nhttps://github.com/itaymigdal/RegStrike\n\n#infosec #pentesting #redteam\n\nhttps://t.me/dilagrafie", "creation_timestamp": "2023-06-05T06:48:53.000000Z"}, {"uuid": "b367b3da-f156-4d1c-9a90-a7116037cfd6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-33246", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/3071", "content": "Tools - Hackers Factory \n\nRuy-Lopez\n\nThis repository contains the Proof-of-Concept(PoC) for a new approach to completely prevent DLLs from being loaded into a newly spawned process. 
The initial use-case idea was to block AV/EDR vendor DLLs from being loaded, so that userland hooking based detections are bypassed.\n\nhttps://github.com/S3cur3Th1sSh1t/Ruy-Lopez\n\n#infosec #pentesting #redteam\n\nCymulate Framework\n\nA framework to help #redteam construct fully customizable and automated APT attacks easily.\n\nhttps://github.com/opabravo/cymulate-framework\n\n#cybersecurity #infosec #pentesting\n\nAttacking WPA3\n\nNew Vulnerabilities & Exploit Framework!\n\nhttps://github.com/domienschepers/wifi-framework\n\nDetails:\nhttps://conference.hitb.org/hitbsecconf2022sin/session/attacking-wpa3-new-vulnerabilities-and-exploit-framework/\n\n#cybersecurity #infosec #pentesting\n\nSshimpanzee\n\nA reverse shell based on sshd supporting DNS and ICMP Tunnelling as well as HTTP and Socks Proxies.\n\nhttps://github.com/lexfo/sshimpanzee\n\n#infosec #pentesting #redteam\n\nMihari\n\nA tool for #OSINT based threat hunting.\n\nhttps://github.com/ninoseki/mihari\n\nCVE-2023-33246\n\nApache rocketmq remote code execution vulnerability.\n\nhttps://github.com/I5N0rth/CVE-2023-33246\n\n#cve #cybersecurity #infosec\n\nRISC-V: Emoji Shellcoding\n\nThis tool \u2692 helps design RISC-V (both 32-bit and 64-bit) shellcodes capable of running arbitrary code, whose ASCII binary representation use only Unicode UTF-8 emojis \ud83e\udd2f.\n\nhttps://github.com/RischardV/emoji-shellcoding\n\n#cybersecurity #infosec #redteam\n\nCQ\n\nCode Query, a universal code security scanning tool.\n\nhttps://github.com/nccgroup/cq\n\n#cybersecurity #infosec\n\nCVE-2020-0796\n\nWindows Protocol TestSuites is to trigger BSoD (full #exploit).\n\nhttps://github.com/Ajomix/CVE-2020-0796\n\n#cve #cybersecurity #infosec\n\nRed Teaming & Pentesting checklists for various engagements\n\nEven though, a penetration test is a creative process most people maintain private checklists to ensure that they will not forget to test networks, systems and applications against various scenarios and 
maintain the overall quality of the assessment.\n\nhttps://github.com/netbiosX/Checklists\n\n#cybersecurity #infosec\n\nhttps://t.me/dilagrafie\nhttps://t.me/HackerFactory", "creation_timestamp": "2023-05-30T15:17:54.000000Z"}, {"uuid": "344c3570-27cf-4ec2-9814-bb7d02181f79", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-33246", "type": "published-proof-of-concept", "source": "https://t.me/MrVGunz/802", "content": "CVE-2023-33246 : Apache RocketMQ\u00a0 > 5.1.0 - Remote Command Execution\nVerified : N/A\nPOC : https://github.com/SuperZero/CVE-2023-33246\nPOC : https://github.com/Malayke/CVE-2023-33246_RocketMQ_RCE_EXPLOIT", "creation_timestamp": "2023-08-09T06:30:35.000000Z"}, {"uuid": "eaff54b1-3e49-4a67-bcb3-ee126f4225b0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-33246", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:10:54.000000Z"}, {"uuid": "cc52fadb-bdf7-4e3c-badc-c5a88c822cc6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-33246", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-05-08)", "content": "", "creation_timestamp": "2025-05-08T00:00:00.000000Z"}, {"uuid": "a7218315-d0fd-4e10-97cc-6224f583bcad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-33246", "type": "seen", "source": "MISP/a9d21043-f825-4bac-8d2b-56fb9e8343e7", "content": "", "creation_timestamp": "2025-10-23T21:13:01.000000Z"}, {"uuid": "582315d5-1e94-4d6c-8a99-6f7a5d72bb5f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": 
"2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-33246", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/misc/rocketmq_version.rb", "content": "", "creation_timestamp": "2023-06-13T22:37:51.000000Z"}, {"uuid": "cf25a5f0-32a8-4d3f-8106-e1fb5978b1a3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-33246", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-02-21)", "content": "", "creation_timestamp": "2026-02-21T00:00:00.000000Z"}, {"uuid": "cc361d8a-6e28-49ca-81ba-f8fde8117d1e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-33246", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-04-12)", "content": "", "creation_timestamp": "2026-04-12T00:00:00.000000Z"}, {"uuid": "e70a8d4f-8344-4dde-a9bf-b6bb0a16288d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-33246", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/4569", "content": "GitHub monitoring alert!!!\n\nUpdated: CVE-2023\nDescription: RocketMQ RCE (CVE-2023-33246) woodpecker exploit plugin\nURL: https://github.com/cr1me0/rocketMq_RCE\n\nTags: #CVE-2023", "creation_timestamp": "2023-06-16T00:40:53.000000Z"}, {"uuid": "108205fd-57ce-4fd2-b01c-de0c65cdb317", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-33246", "type": "published-proof-of-concept", "source": "Telegram/ZPdhmxqpmsLVeUlcxkh-hzb6RIKpHEAokSR4hUiWLio6Rw", "content": "", 
"creation_timestamp": "2023-06-04T16:08:55.000000Z"}, {"uuid": "5a2c9197-36a8-4667-b93b-25e6dcb1c043", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-33246", "type": "published-proof-of-concept", "source": "https://t.me/proxy_bar/1551", "content": "CVE-2023-33246\n*\nApache RocketMQ\n*\nread\n\nPOC", "creation_timestamp": "2023-05-30T15:54:33.000000Z"}, {"uuid": "cfc503aa-a70f-4364-89bf-8b4a150336a3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-33246", "type": "exploited", "source": "https://t.me/true_secator/4524", "content": "VMware is in yet another panic, as a recently patched critical command injection vulnerability in Aria Operations for Networks (formerly vRealize Network Insight) has begun to be actively exploited in the wild.\n\nAs we recall, the bug is tracked as CVE-2023-20887 and can allow what was then a potential, and is now a very real, attacker with network access to the product to carry out a command injection attack, leading to RCE.\n\nThe flaw affects VMware Aria Operations Networks versions 6.x, and if you have not done so yet, then given the developer's alarm, putting off the installation of patches may already be too late, since according to the virtualization vendor's announcement they have established that the vulnerability was used in real attacks.\n\nWhen, against whom and with what consequences is not yet being disclosed, but it all began in classic fashion after a PoC was published on GitHub.\n\nBy the same scenario, a sword of Damocles hangs over the Apache Software Foundation, in particular over RocketMQ, where attackers are exploiting a vulnerability in servers known as CVE-2023-33246, which allows attackers to update the server configuration file and remotely execute malicious commands. \n\nThe RocketMQ team released fixes back in May, but the attacks began this week, right after an experimental exploit was likewise published on GitHub.\n\nAccording to the ZoomEye IoT search engine, more than 6000 servers have been compromised, most of which are located in China.\n\nThe need to update, especially after a PoC is published, can now only be written in blood; still, a reminder that there are usually about 48 hours before attackers adapt an experimental exploit into a weaponized one and start combing the network.", "creation_timestamp": "2023-06-21T16:15:23.000000Z"}, {"uuid": "00b6e706-990e-4278-b8ad-bd12c978f0e6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-33246", "type": "seen", "source": "https://t.me/cibsecurity/66532", "content": "\u203c CVE-2023-37582 \u203c\n\nThe RocketMQ NameServer component still has a remote command execution vulnerability as the CVE-2023-33246 issue was not completely fixed in version 5.1.1. When NameServer address are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by using the update configuration function on the NameServer component to execute commands as the system users that RocketMQ is running as. 
It is recommended for users to upgrade their NameServer version to 5.1.2 or above for RocketMQ 5.x or 4.9.7 or above for RocketMQ 4.x to prevent these attacks.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-15T16:57:00.000000Z"}, {"uuid": "2ce83de9-61ce-4ae9-ab05-225ea3bc1870", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-33246", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/629", "content": "https://github.com/Serendipity-Lucky/CVE-2023-33246", "creation_timestamp": "2023-06-09T05:42:19.000000Z"}, {"uuid": "8e79d956-0820-472d-84ab-a741f6088865", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-33246", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/8411", "content": "#exploit\n1. CVE-2022-25743, CVE-2023-21665:\nQualcomm Adreno/KGSL Unchecked Cast / Type Confusion\nhttps://packetstormsecurity.com/files/172663\n\n2. CVE-2023-33733:\nReportlab RCE\nhttps://github.com/c53elyas/CVE-2023-33733\n\n3. 
CVE-2023-33246:\nRocketMQ RCE\nhttps://github.com/Malayke/CVE-2023-33246_RocketMQ_RCE_EXPLOIT", "creation_timestamp": "2023-06-02T13:04:30.000000Z"}, {"uuid": "29c67ab2-998c-4d25-b1e1-bddb05ca43fb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-33246", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/2971874", "content": "", "creation_timestamp": "2024-12-24T20:35:06.179969Z"}, {"uuid": "0e2fe1fa-df0f-40a5-9db8-e28d5f436665", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-33246", "type": "seen", "source": "MISP/d17bd6ef-d68b-317b-ac33-cdbc44c5fc57", "content": "", "creation_timestamp": "2025-08-31T03:13:01.000000Z"}, {"uuid": "7021661a-2f21-46bd-9a40-fc64f74bb866", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-33246", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-02-11)", "content": "", "creation_timestamp": "2026-02-11T00:00:00.000000Z"}, {"uuid": "04c0b789-9e8e-4475-8e09-84a43a8bec2d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-33246", "type": "published-proof-of-concept", "source": "https://github.com/google/tsunami-security-scanner-plugins/tree/master/doyensec/detectors/rocketmq_rce_cve_2023_33246", "content": "", "creation_timestamp": "2024-10-22T20:23:03.000000Z"}, {"uuid": "4e0fd235-587d-411d-8a30-0c1bede6289b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-33246", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/4515", "content": 
"GitHub monitoring alert!!!\n\nUpdated: CVE-2023\nDescription: RocketMQ RCE (CVE-2023-33246) woodpecker exploit plugin\nURL: https://github.com/v0ita/rocketMq_RCE\n\nTags: #CVE-2023", "creation_timestamp": "2023-06-08T06:52:41.000000Z"}, {"uuid": "294d2877-409a-4310-9d3e-51abd12e2a37", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-33246", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/4552", "content": "GitHub monitoring alert!!!\n\nUpdated: CVE-2023\nDescription: CVE-2023-33246\nURL: https://github.com/hheeyywweellccoommee/CVE-2023-33246-dgjfd\n\nTags: #CVE-2023", "creation_timestamp": "2023-06-13T04:13:22.000000Z"}, {"uuid": "43f8b249-3072-4b5b-a415-a1823d4ccfaf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-33246", "type": "exploited", "source": "https://t.me/itsec_news/3173", "content": "\u200b\u26a1\ufe0fHidden threat: Apache RocketMQ and a vulnerability that even Shodan cannot see\n\n\ud83d\udcac CISA has added to its catalog a vulnerability that cannot be ignored.\n\nThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the critical vulnerability CVE-2023-33246 (CVSS: 9.8), which affects Apache RocketMQ, to its catalog of known exploited vulnerabilities.\n\nSome Apache RocketMQ components, including NameServer, Broker and Controller, are reachable from the extranet and have no permission checks. Attackers can use the vulnerability to execute arbitrary commands as the users of the system on which RocketMQ runs. A hacker can trigger the bug by using the configuration update function or by forging RocketMQ protocol content.\n\nThe vulnerability affects Apache RocketMQ 5.1.0 and below; users are advised to upgrade to version 5.1.1 or above for RocketMQ 5.x, or 4.9.6 or above for RocketMQ 4.x.\n\nApache's advisory was published in May, but CISA added the issue to KEV after the security company VulnCheck published technical details of the vulnerability. According to the VulnCheck report, the CVE-2023-33246 flaw allows a remote unauthorized attacker to update the RocketMQ broker configuration in order to abuse command injection. It is noted that exploitation of the bug has been ongoing since June 2023.\n\nThe researchers noted that the vulnerability is exploited through a custom remoting protocol on the RocketMQ broker ports (10909 and 10911 by default). Neither Shodan nor Censys is able to detect this protocol, which makes it difficult to determine the actual number of vulnerable systems.\n\nThe researchers explained that CVE-2023-33246 is linked to only one botnet, but they believe that at least several attackers are actively exploiting the flaw in the wild. The experts recommend removing the RocketMQ instance from the Internet and checking the broker configuration for signs of exploitation. CISA has also directed federal agencies to remediate the vulnerability by September 27, 2023.\n\n\ud83d\udd14 ITsec NEWS", "creation_timestamp": "2023-09-11T07:37:58.000000Z"}, {"uuid": "5b0a90e6-ba08-4bd2-a8a3-4a095e70dbb3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-33246", "type": "exploited", "source": "https://t.me/itsec_news/3192", "content": "\u200b\u26a1\ufe0fWebP images become a weapon: Mozilla and Google fight a 0day in their browsers.\n\n\ud83d\udcac Mozilla has released security updates to fix a critical zero-day vulnerability in Firefox and Thunderbird that was actively exploited in the wild, one day after Google released a fix for the issue in the Chrome browser.\n\nThe heap buffer overflow vulnerability CVE-2023-4863 can lead to arbitrary code execution when a specially crafted malicious WebP image is opened. The flaw can allow a remote attacker to perform an out-of-bounds memory write via a crafted HTML page.\n\nThe security issue was reported by Apple Security Engineering and Architecture (SEAR) and Citizen Lab at the Munk School at the University of Toronto. The issue was fixed in Firefox 117.0.1, Firefox ESR 115.2.1, Firefox ESR 102.15.1, Thunderbird 102.15.1 and Thunderbird 115.2.2.\n\nRecently the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the critical vulnerability CVE-2023-33246 (CVSS: 9.8), which affects Apache RocketMQ, to its catalog of known exploited vulnerabilities. Attackers can use the vulnerability to execute arbitrary commands as the users of the system on which RocketMQ runs. A hacker can trigger the bug by using the configuration update function or by forging RocketMQ protocol content.\n\nAlso in early September, information appeared on Reddit about the discovery of a serious security vulnerability in the AtlasVPN client for the Linux operating system. A cybersecurity researcher who wished to remain anonymous published a working PoC exploit and demonstrated to the public how attackers, by hosting the exploit code on their malicious website, can obtain the real IP address of any user of the Linux version of the VPN client.\n\n\ud83d\udd14 ITsec NEWS", "creation_timestamp": "2023-09-13T07:40:04.000000Z"}, {"uuid": "db60593a-81d9-4a9b-8c3a-9e2c6981c377", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-33246", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/4551", "content": 
"GitHub monitoring alert!!!\n\nUpdated: CVE-2023\nDescription: CVE-2023-33246\nURL: https://github.com/Devil0ll/CVE-2023-33246\n\nTags: #CVE-2023", "creation_timestamp": "2023-06-13T03:28:03.000000Z"}, {"uuid": "ed3adcbe-b1e5-4579-9dba-0b2aea639e14", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-33246", "type": "seen", "source": "https://t.me/BleepingComputer/18098", "content": "Latest news and stories from BleepingComputer.com\nCISA warns of critical Apache RocketMQ bug exploited in attacks\n\nThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added to its catalog of known exploited vulnerabilities (KEV) a critical-severity issue tracked as CVE-2023-33246 that affects Apache's RocketMQ distributed messaging and streaming platform. [...]", "creation_timestamp": "2023-09-08T00:14:24.000000Z"}, {"uuid": "42827c64-9ad1-4a0c-bf80-1a3ebc9317f7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-33246", "type": "exploited", "source": "https://t.me/BleepingComputer/18095", "content": "\u200aCISA warns of critical Apache RocketMQ bug exploited in attacks\n\nThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added to its catalog of known exploited vulnerabilities (KEV) a critical-severity issue tracked as CVE-2023-33246 that affects Apache's RocketMQ distributed messaging and streaming platform. 
[...]\n\nhttps://www.bleepingcomputer.com/news/security/cisa-warns-of-critical-apache-rocketmq-bug-exploited-in-attacks/", "creation_timestamp": "2023-09-07T23:48:22.000000Z"}, {"uuid": "6ec421a7-2684-4a8f-b1e3-72b86b3015cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-33246", "type": "seen", "source": "https://t.me/arpsyndicate/1420", "content": "#ExploitObserverAlert\n\nCVE-2023-33246\n\nDESCRIPTION: Exploit Observer has 40 entries related to CVE-2023-33246. For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution.\u00a0  Several components of RocketMQ, including NameServer, Broker, and Controller, are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by using the update configuration function to execute commands as the system users that RocketMQ is running as. Additionally, an attacker can achieve the same effect by forging the RocketMQ protocol content.\u00a0  To prevent these attacks, users are recommended to upgrade to version 5.1.1 or above\u00a0for using RocketMQ 5.x\u00a0or 4.9.6 or above for using RocketMQ 4.x .\n\nFIRST-EPSS: 0.971220000\nNVD-IS: 5.9\nNVD-ES: 3.9", "creation_timestamp": "2023-12-05T07:22:32.000000Z"}, {"uuid": "d5c556f9-cda5-4bcc-8a50-634de267fcd0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-33246", "type": "published-proof-of-concept", "source": "Telegram/iajzRjTDM2_zBsbJStMJpJYpGwENHpA0J4uVKAUR55g-E_c", "content": "", "creation_timestamp": "2025-05-08T11:00:06.000000Z"}, {"uuid": "8027ff89-fe40-4c98-9e70-060afcb8989e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-33246", "type": "published-proof-of-concept", "source": 
"Telegram/pjFvQ--YdqLd-OW-B3L3cwtqx2iIKB3vb_BXLrgeheVa02k", "content": "", "creation_timestamp": "2023-07-25T05:28:06.000000Z"}, {"uuid": "be80982c-f8f6-4fe3-bc8f-b027bc5ce245", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-33246", "type": "published-proof-of-concept", "source": "https://t.me/crackcodes/3614", "content": "DataLeak:\n\n\ud83d\udc49\ud83c\udffbLeak haztutienda com : https://system32.ink/d/leak-haztutienda-com/\n\n\ud83d\udc49\ud83c\udffbLeak voiswitch : https://system32.ink/d/leak-voiswitch-net/\n\n\ud83d\udc49\ud83c\udffbLeak unja.ac.id : https://system32.ink/d/leak-unja-ac-id/\n\nTools:\n\n\ud83d\udc49\ud83c\udffbPyrai - Mirai python variant : https://system32.ink/d/pyrai-mirai-python-variant/\n\nExploit:\n\n\ud83d\udc49\ud83c\udffbCVE-2023-33246 RocketMQ Remote Code Execution Exploit : https://system32.ink/d/cve-2023-33246-rocketmq-remote-code-execution-exploit/", "creation_timestamp": "2023-06-05T12:33:58.000000Z"}, {"uuid": "0e01d3bd-e195-431c-8f4e-746e1f61cf82", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-33246", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2023-09-06T18:10:02.000000Z"}, {"uuid": "72ac0cb8-4c95-4c43-8205-010e7da5a6fc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-33246", "type": "seen", "source": "MISP/bafa81cb-3d9c-4b07-9938-5130c5013afa", "content": "", "creation_timestamp": "2023-08-31T14:24:24.000000Z"}, {"uuid": "44d17658-6f68-417e-a353-95440e570fa8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-33246", "type": "seen", "source": 
"MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:45.000000Z"}, {"uuid": "28798df3-aa32-4cff-9c84-69377dd07b26", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-33246", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2024-11-21)", "content": "", "creation_timestamp": "2024-11-21T00:00:00.000000Z"}, {"uuid": "d660052d-0a5a-4ee6-9e15-751a6025903d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-33246", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-02-23T02:10:46.000000Z"}, {"uuid": "4ab35dbb-152c-4725-b488-84025d414b99", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-33246", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/apache_rocketmq_update_config.rb", "content": "", "creation_timestamp": "2023-07-06T07:31:54.000000Z"}, {"uuid": "af5f2574-72fd-4b2c-a8c2-490917f22385", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-33246", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/31ef4cd6-0aac-4a34-9e6d-b07df6ae239f", "content": "", "creation_timestamp": "2026-02-02T12:26:51.618333Z"}, {"uuid": "618f0813-c43a-4d52-a495-725f094c7daa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-33246", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-03-09)", "content": "", 
"creation_timestamp": "2026-03-09T00:00:00.000000Z"}, {"uuid": "e31c8637-9de4-4480-b987-e1b28987c917", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-33246", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-03-10)", "content": "", "creation_timestamp": "2026-03-10T00:00:00.000000Z"}, {"uuid": "2342601f-16b0-4679-9118-43a5ad48cfdb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-33246", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/31ef4cd6-0aac-4a34-9e6d-b07df6ae239f", "content": "", "creation_timestamp": "2026-02-02T12:26:51.618333Z"}, {"uuid": "72950536-cc8e-41b5-92ba-eca4a6ea281e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-33246", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/4466", "content": "GitHub monitoring alert!!!\n\nUpdated: CVE-2023\nDescription: Apache RocketMQ remote code execution vulnerability (CVE-2023-33246) Exploit\nURL: https://github.com/Le1a/CVE-2023-33246\n\nTags: #CVE-2023", "creation_timestamp": "2023-06-01T02:21:39.000000Z"}, {"uuid": "8800a3c8-b8d7-4690-b88f-d84710bf44fc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-33246", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/4497", "content": "GitHub monitoring alert!!!\n\nUpdated: CVE-2023\nDescription: Apache RocketMQ 
exploit tool\nURL: https://github.com/Serendipity-Lucky/CVE-2023-33246\n\nTags: #CVE-2023", "creation_timestamp": "2023-06-06T11:28:27.000000Z"}, {"uuid": "747ef844-19a5-4d04-b254-508430a260d1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-33246", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/4471", "content": "GitHub monitoring alert!!!\n\nUpdated: CVE-2023\nDescription: CVE-2023-33246 RocketMQ RCE Exploit\nURL: https://github.com/Malayke/CVE-2023-33246_RocketMQ_RCE_EXPLOIT\n\nTags: #CVE-2023", "creation_timestamp": "2023-06-01T14:53:39.000000Z"}, {"uuid": "c5789a3e-e52c-4caf-b9ec-4f8479f1c45d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-33246", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/4468", "content": "GitHub monitoring alert!!!\n\nUpdated: CVE-2023\nDescription: Apache RocketMQ remote code execution vulnerability (CVE-2023-33246) Exploit\nURL: https://github.com/SuperZero/CVE-2023-33246\n\nTags: #CVE-2023", "creation_timestamp": "2023-06-01T07:27:01.000000Z"}, {"uuid": "c74526e6-beda-45e8-8596-7fcb584d07eb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-33246", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/4475", "content": "GitHub monitoring alert!!!\n\nUpdated: CVE-2023\nDescription: CVE-2023-33246: Apache RocketMQ 
remote command execution vulnerability detection tool\nURL: https://github.com/CKevens/CVE-2023-33246\n\nTags: #CVE-2023", "creation_timestamp": "2023-06-02T01:44:35.000000Z"}, {"uuid": "9ae2b436-4e9b-4177-a899-8ade0f2305a8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-33246", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/5087", "content": "GitHub monitoring alert!!!\n\nUpdated: CVE-2023\nDescription: A tool to fetch the RocketMQ broker configuration in order to discover indicators of compromise for CVE-2023-33246\nURL: https://github.com/vulncheck-oss/fetch-broker-conf\n\nTags: #CVE-2023", "creation_timestamp": "2023-09-05T11:24:47.000000Z"}]}