{"vulnerability": "cve-2021-3378", "sightings": [{"uuid": "046ef8cf-4b86-43d1-b764-30f12776af02", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-3378", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/fortilogger_arbitrary_fileupload.rb", "content": "", "creation_timestamp": "2021-03-24T22:48:24.000000Z"}, {"uuid": "fd37427a-dd69-41e9-8a9f-5df56a8a21a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "4f29edb9-4c4b-44ca-b041-9b050656b6ae", "vulnerability": "CVE-2021-33780", "type": "seen", "source": "https://www.kyberturvallisuuskeskus.fi/fi/haavoittuvuus_21/2021", "content": "", "creation_timestamp": "2026-03-17T15:05:18.629291Z"}, {"uuid": "d81a13f9-ff00-4235-a430-a1b328b82d2d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "4f29edb9-4c4b-44ca-b041-9b050656b6ae", "vulnerability": "CVE-2021-33780", "type": "seen", "source": "https://www.kyberturvallisuuskeskus.fi/fi/haavoittuvuus_21/2021", "content": "", "creation_timestamp": "2021-07-15T10:13:10.000000Z"}, {"uuid": "db7b2bc8-8610-4ae8-9c90-41498df86efc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-3378", "type": "seen", "source": "MISP/e0f5a7b5-69bb-4a81-a397-169489ce9ec2", "content": "", "creation_timestamp": "2024-11-14T06:08:15.000000Z"}, {"uuid": "f9ac2091-fc72-455c-b101-5c7e7952f986", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-3378", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:10:38.000000Z"}, {"uuid": "4019d1e5-8fb2-43a4-908e-04634c85f218", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-33781", "type": "seen", "source": "https://t.me/true_secator/1917", "content": "\u200b\u200b\u041e\u0442\u043b\u0438\u0447\u0438\u043b\u0441\u044f \u043d\u0435 \u0442\u043e\u043b\u044c\u043a\u043e SAP, \u043e\u0442\u043c\u0435\u0442\u0438\u043b\u0441\u044f \u0438 Microsoft \u0441\u0432\u043e\u0438\u043c \u044d\u043f\u0438\u0447\u0435\u0441\u043a\u0438\u043c \u043f\u0430\u0442\u0447\u0435\u043c, \u0432\u043a\u043b\u044e\u0447\u0430\u044e\u0449\u0438\u043c \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0432 \u043e\u0431\u0449\u0435\u0439 \u0441\u043b\u043e\u0436\u043d\u043e\u0441\u0442\u0438 117 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, \u0432\u043a\u043b\u044e\u0447\u0430\u044f 9 \u043e\u0448\u0438\u0431\u043e\u043a \u043d\u0443\u043b\u0435\u0432\u043e\u0433\u043e \u0434\u043d\u044f, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u044e\u0442\u0441\u044f \u0432 \u0434\u0438\u043a\u043e\u0439 \u043f\u0440\u0438\u0440\u043e\u0434\u0435.\n\n\u0412 \u043e\u0431\u0449\u0435\u043c \u0440\u0430\u0441\u043a\u043b\u0430\u0434 \u0442\u0430\u043a\u043e\u0439: 13 \u0438\u043c\u0435\u044e\u0442 \u0440\u0435\u0439\u0442\u0438\u043d\u0433 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0445, 103 - \u0432\u0430\u0436\u043d\u044b\u0445, \u0430 1 - \u0441\u0440\u0435\u0434\u043d\u0435\u0439 \u0441\u0442\u0435\u043f\u0435\u043d\u0438 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438.\n\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u043e\u0445\u0432\u0430\u0442\u044b\u0432\u0430\u044e\u0442 Windows, Bing, Dynamics, Exchange Server, Office, Scripting Engine, Windows DNS \u0438 Visual Studio Code.\n\n\u041f\u043e\u0434 \u0437\u0430\u043a\u0430\u0442\u043e\u0447\u043d\u044b\u0439 \u043a\u043e\u043d\u0432\u0435\u0439\u0435\u0440 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u043e\u0432 \u043a\u043e\u043d\u0435\u0447\u043d\u043e \u0436\u0435 \u043f\u043e\u043f\u0430\u043b \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u043d\u044b\u0439 \u0434\u0438\u0441\u043f\u0435\u0442\u0447\u0435\u0440 \u043e\u0447\u0435\u0440\u0435\u0434\u0438 \u043f\u0435\u0447\u0430\u0442\u0438 (CVE-2021-34527), \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u044f\u0434\u0440\u0430 Windows, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u044b\u0435 \u0441 \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u0435\u043c\u00a0\u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 (CVE-2021-31979\u00a0\u0438 33771), \u043a\u043e\u0441\u044f\u043a\u0438 \u043c\u043e\u0434\u0443\u043b\u044f \u0441\u0446\u0435\u043d\u0430\u0440\u0438\u0435\u0432, \u043f\u0440\u0438\u0432\u043e\u0434\u044f\u0449\u0438\u0435 \u043a \u043f\u043e\u0432\u0440\u0435\u0436\u0434\u0435\u043d\u0438\u044e\u00a0\u043f\u0430\u043c\u044f\u0442\u0438 (CVE-2021-34448).\n\n\u0418\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u043d\u0443\u043b\u0435\u0432\u043e\u0433\u043e \u0434\u043d\u044f \u0442\u0430\u043a\u0436\u0435 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u044e\u0442: Microsoft Exchange Server (CVE-2021-34473\u00a0- \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0435 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u043a\u043e\u0434\u0430 \u0438 CVE-2021-34523\u00a0- \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u0435 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439), Active Directory (CVE-2021-33781\u00a0- \u043e\u0431\u0445\u043e\u0434 \u0444\u0443\u043d\u043a\u0446\u0438\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438), Windows ADFS (CVE-2021-33779\u00a0- \u0430\u043d\u0430\u043b\u043e\u0433\u0438\u0447\u043d\u043e), Windows (CVE-2021-34492\u00a0- \u043f\u043e\u0434\u0434\u0435\u043b\u043a\u0430 \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0432 \u0438 CVE-2021-34458 - \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0435 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u043a\u043e\u0434\u0430), Windows DNS Server (CVE-2021-34494 - \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0435 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u043a\u043e\u0434\u0430).\n\n\u041a\u0440\u043e\u043c\u0435 \u0442\u043e\u0433\u043e, Microsoft \u0442\u0430\u043a\u0436\u0435 \u0443\u0441\u0442\u0440\u0430\u043d\u0438\u043b\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u0431\u0445\u043e\u0434\u0430 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0432 \u0431\u0438\u043e\u043c\u0435\u0442\u0440\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 Windows hello (CVE-2021-34466), \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u043b\u0430\u00a0\u043f\u043e\u0434\u0434\u0435\u043b\u0430\u0442\u044c \u043b\u0438\u0446\u043e \u0438 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0443.\n\nMSFT \u0432 \u0446\u0435\u043b\u043e\u043c \u0443\u0436\u0435 \u0431\u043b\u0438\u0437\u043a\u0438 \u0432 \u0442\u043e\u043c\u0443 \u0441\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u044e, \u043a\u043e\u0433\u0434\u0430 \u043a\u043e\u043b\u0438\u0447\u0435\u0441\u0442\u0432\u043e \u0442\u0440\u0430\u043d\u0441\u0444\u043e\u0440\u043c\u0438\u0440\u0443\u0435\u0442\u0441\u044f \u0432 \u043a\u0430\u0447\u0435\u0441\u0442\u0432\u043e: \u0432 \u043c\u0430\u0435 \u0438 \u0438\u044e\u043d\u0435 \u043e\u043d\u0438 \u0437\u0430\u043a\u0440\u044b\u043b\u0438 55 \u0438 50 \u0434\u044b\u0440 \u0441\u043e\u043e\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0435\u043d\u043d\u043e. \u041d\u043e, \u0447\u0442\u043e-\u0442\u043e \u0437\u043d\u0430\u044f \u043c\u0435\u043b\u043a\u043e\u043c\u044f\u0433\u043a\u0438\u0445, \u0434\u0443\u043c\u0430\u0435\u0442, \u0447\u0442\u043e \u0438\u043c \u0435\u0449\u0451 \u0434\u043e\u043b\u0433\u043e \u0432\u0435\u0441\u0442\u0438 \u0431\u043e\u0439 \u0432 \u0442\u0435\u043d\u044c\u044e.", "creation_timestamp": "2021-07-14T16:59:39.000000Z"}, {"uuid": "e9c49772-20ea-4d3a-8155-8cbaf1ec2786", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-3378", "type": "published-proof-of-concept", "source": "https://t.me/pwnwiki_zhchannel/61", "content": "CVE-2021-3378 FortiLogger\u672a\u7d93\u8eab\u4efd\u9a57\u8b49\u6587\u4ef6\u4e0a\u50b3\u6f0f\u6d1e\nhttps://www.pwnwiki.org/index.php?title=CVE-2021-3378_FortiLogger%E6%9C%AA%E7%B6%93%E8%BA%AB%E4%BB%BD%E9%A9%97%E8%AD%89%E6%96%87%E4%BB%B6%E4%B8%8A%E5%82%B3%E6%BC%8F%E6%B4%9E", "creation_timestamp": "2021-03-29T16:13:21.000000Z"}, {"uuid": "3678d0e7-df50-46a8-82ee-30c5eee87240", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-3378", "type": "seen", "source": "https://t.me/cibsecurity/22933", "content": "\u203c CVE-2021-3378 \u203c\n\nFortiLogger 4.4.2.2 is affected by Arbitrary File Upload by sending a \"Content-Type: image/png\" header to Config/SaveUploadedHotspotLogoFile and then visiting Assets/temp/hotspot/img/logohotspot.asp.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-02-02T02:25:17.000000Z"}, {"uuid": "1a241c42-8bb7-40d3-b338-6fdd7f2b02c2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-3378", "type": "exploited", "source": "https://www.exploit-db.com/exploits/49600", "content": "", "creation_timestamp": "2021-03-01T00:00:00.000000Z"}, {"uuid": "48fb7ea5-ce75-498b-baec-b0b2536c8ac6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-3378", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:45.000000Z"}]}