update for vmware_vcenter_rce / CVE-2021-22005
Этот коммит содержится в:
Markus Manzke
родитель
d7c0c29d29
Коммит
60b954bf8a
@ -0,0 +1 @@
|
||||
1632414614
|
||||
75
CVE_VULN_FEED/CVE-2021-22005-vmware_vcenter_rce/README.md
Обычный файл
75
CVE_VULN_FEED/CVE-2021-22005-vmware_vcenter_rce/README.md
Обычный файл
@ -0,0 +1,75 @@
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
##
|
||||
|
||||
|
||||
## Details and Analytics for vmware_vcenter_rce / CVE-2021-22005
|
||||
|
||||
- [NIST on CVE-2021-22005](https://nvd.nist.gov/vuln/detail/CVE-2021-22005)
|
||||
- [Alert](alert_text.md) - Notes to that alert
|
||||
- [Summary](summary.md): asn/country/network - based summary
|
||||
- [Data](data) - all data, separated by country
|
||||
- [TimeStamp](2021-09-23.timestamp)
|
||||
|
||||
The lists are generated based on combined shodan/OSINT-Queries.
|
||||
|
||||
If we detect a certain CVE with ( CVSS > 8 AND Remote AND Unauthenticated AND
|
||||
(RCE OR PriviledgeEscalation OR FileAccess) or exploits going around,
|
||||
we check if there is a posibility to catch al effected hosts/IPs
|
||||
that could be prone of attacks/exploitation, via shodan and OSINT.
|
||||
|
||||
in a second step we analyse affected IPs and generate ASN/Country-Attribution
|
||||
that will be placed in [data](data)
|
||||
|
||||
|
||||
## Detail - Format (file and content)
|
||||
|
||||
- files are plaintext
|
||||
- file_names are generated by CVE + country [CN]
|
||||
|
||||
-> CVE-20202-XXXX/CVE-2020-XXXXX-[CN].list
|
||||
|
||||
|
||||
file_content:
|
||||
|
||||
~~~
|
||||
|
||||
Country: CZ
|
||||
|
||||
147.228.XX.YY | ASN. 2852 | CESNET2, CZ
|
||||
147.228.XX.YY | ASN. 2852 | CESNET2, CZ
|
||||
195.113.20.168 | ASN. 2852 | CESNET2, CZ
|
||||
78.128.216.72 | ASN. 2852 | CESNET2, CZ
|
||||
193.85.156.216 | ASN. 5588 | GTSCE GTS Central Europe / Antel Germany, CZ
|
||||
193.85.156.216 | ASN. 5588 | GTSCE GTS Central Europe / Antel Germany, CZ
|
||||
193.85.156.216 | ASN. 5588 | GTSCE GTS Central Europe / Antel Germany, CZ
|
||||
193.85.156.216 | ASN. 5588 | GTSCE GTS Central Europe / Antel Germany, CZ
|
||||
62.24.71.164 | ASN. 6830 | LGI-UPC formerly known as UPC Broadband Holding B.V., AT
|
||||
62.24.71.164 | ASN. 6830 | LGI-UPC formerly known as UPC Broadband Holding B.V., AT
|
||||
62.24.71.164 | ASN. 6830 | LGI-UPC formerly known as UPC Broadband Holding B.V., AT
|
||||
62.24.71.164 | ASN. 6830 | LGI-UPC formerly known as UPC Broadband Holding B.V., AT
|
||||
88.208.109.196 | ASN. 29208 | DIALTELECOM-AS Dial Telecom a.s., SK
|
||||
88.208.109.196 | ASN. 29208 | DIALTELECOM-AS Dial Telecom a.s., SK
|
||||
95.47.178.94 | ASN. 60296 | METRONET-AS, SK
|
||||
|
||||
|
||||
~~~
|
||||
|
||||
|
||||
## Remarks
|
||||
|
||||
please note:
|
||||
- found IPs might contain False-Positives and miss False Negatives
|
||||
- Country/ASN-Attribution might not be correct
|
||||
|
||||
|
||||
- [Traffic Light Protocol (TLP) Definitions and Usage](https://www.us-cert.gov/tlp)
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
38
CVE_VULN_FEED/CVE-2021-22005-vmware_vcenter_rce/alert_text.md
Обычный файл
38
CVE_VULN_FEED/CVE-2021-22005-vmware_vcenter_rce/alert_text.md
Обычный файл
@ -0,0 +1,38 @@
|
||||
Date: 2021-09-23
|
||||
|
||||
VMWares vCenter Server contains an RCE-vulnerability in the Analytics service.
|
||||
VMware has evaluated the severity of this issue to be in the Critical severity
|
||||
range with a maximum CVSSv3 base score of 9.8.
|
||||
|
||||
Patches and Workaroudns are available.
|
||||
Mass-Scanning is already happening.
|
||||
|
||||
|
||||
|
||||
|
||||
CVE : CVE-2021-22005
|
||||
Vendor : VMWare
|
||||
Product : vCenter Server
|
||||
|
||||
Patches : available
|
||||
Exploits : unknown
|
||||
|
||||
|
||||
we found various IPs in your ORG/ASN,
|
||||
matching criteria for possible vulnerable systems
|
||||
|
||||
|
||||
False-Positive-Level: unlikely
|
||||
|
||||
|
||||
please find a list of affected IPs below
|
||||
and more information on that problem here:
|
||||
|
||||
References:
|
||||
|
||||
- https://www.vmware.com/security/advisories/VMSA-2021-0020.html
|
||||
- https://www.tenable.com/blog/cve-2021-22005-critical-file-upload-vulnerability-in-vmware-vcenter-server
|
||||
- https://twitter.com/bad_packets/status/1440893196993634307
|
||||
|
||||
|
||||
|
||||
@ -0,0 +1,7 @@
|
||||
|
||||
Country: BG / vmware_vcenter_rce CVE-2021-22005
|
||||
Total IPs: 1
|
||||
|
||||
IP | ScanDate | AS | AS_DESC
|
||||
-----------------+------------+-----------+--------------------------------------------
|
||||
81.161.236.7 | 2021-09-23 | AS 48011 | DIGITURUNC, TR
|
||||
@ -0,0 +1,12 @@
|
||||
|
||||
Country: BR / vmware_vcenter_rce CVE-2021-22005
|
||||
Total IPs: 6
|
||||
|
||||
IP | ScanDate | AS | AS_DESC
|
||||
-----------------+------------+-----------+--------------------------------------------
|
||||
177.54.157.160 | 2021-09-23 | AS 262287 | Maxihost LTDA, BR
|
||||
168.194.201.92 | 2021-09-23 | AS 265440 | Telnet Sistemas e Comunicacoes, BR
|
||||
189.124.134.167 | 2021-09-23 | AS 28220 | CABO SERVICOS DE TELECOMUNICACOES LTDA, BR
|
||||
138.122.71.252 | 2021-09-23 | AS 28580 | CILNET Comunicacao e Informatica LTDA., BR
|
||||
177.37.48.201 | 2021-09-23 | AS 52893 | F1-Solutions Desenvolvimento para Web, BR
|
||||
45.226.195.38 | 2021-09-23 | AS 61868 | NETFACIL INTERNET VIA RADIO E INFORMATICA LTDA - M, BR
|
||||
@ -0,0 +1,10 @@
|
||||
|
||||
Country: CA / vmware_vcenter_rce CVE-2021-22005
|
||||
Total IPs: 4
|
||||
|
||||
IP | ScanDate | AS | AS_DESC
|
||||
-----------------+------------+-----------+--------------------------------------------
|
||||
142.44.179.99 | 2021-09-23 | AS 16276 | OVH, FR
|
||||
144.217.113.27 | 2021-09-23 | AS 16276 | OVH, FR
|
||||
72.2.32.98 | 2021-09-23 | AS 6327 | SHAW, CA
|
||||
108.63.14.15 | 2021-09-23 | AS 812 | ROGERS-COMMUNICATIONS, CA
|
||||
@ -0,0 +1,7 @@
|
||||
|
||||
Country: CL / vmware_vcenter_rce CVE-2021-22005
|
||||
Total IPs: 1
|
||||
|
||||
IP | ScanDate | AS | AS_DESC
|
||||
-----------------+------------+-----------+--------------------------------------------
|
||||
191.96.166.195 | 2021-09-23 | AS 397423 | TIER-NET, US
|
||||
@ -0,0 +1,36 @@
|
||||
|
||||
Country: DE / vmware_vcenter_rce CVE-2021-22005
|
||||
Total IPs: 14
|
||||
|
||||
IP | ScanDate | AS | AS_DESC
|
||||
-----------------+------------+-----------+--------------------------------------------
|
||||
x.x.x.x | 2021-09-23 | AS 33846 | DATAPORT - Anstalt des oeffentlichen Rechts
|
||||
x.x.x.x | 2021-09-23 | AS 33846 | DATAPORT - Anstalt des oeffentlichen Rechts
|
||||
x.x.x.x | 2021-09-23 | AS 33846 | DATAPORT - Anstalt des oeffentlichen Rechts
|
||||
x.x.x.x | 2021-09-23 | AS 33846 | DATAPORT - Anstalt des oeffentlichen Rechts
|
||||
x.x.x.x | 2021-09-23 | AS 33846 | DATAPORT - Anstalt des oeffentlichen Rechts
|
||||
x.x.x.x | 2021-09-23 | AS 33846 | DATAPORT - Anstalt des oeffentlichen Rechts
|
||||
x.x.x.x | 2021-09-23 | AS 33846 | DATAPORT - Anstalt des oeffentlichen Rechts
|
||||
x.x.x.x | 2021-09-23 | AS 33846 | DATAPORT - Anstalt des oeffentlichen Rechts
|
||||
x.x.x.x | 2021-09-23 | AS 33846 | DATAPORT - Anstalt des oeffentlichen Rechts
|
||||
x.x.x.x | 2021-09-23 | AS 33846 | DATAPORT - Anstalt des oeffentlichen Rechts
|
||||
x.x.x.x | 2021-09-23 | AS 33846 | DATAPORT - Anstalt des oeffentlichen Rechts
|
||||
x.x.x.x | 2021-09-23 | AS 49756 | Der Schleswig Holsteinische Landtag
|
||||
x.x.x.x | 2021-09-23 | AS 49756 | Der Schleswig Holsteinische Landtag
|
||||
x.x.x.x | 2021-09-23 | AS 49756 | Der Schleswig Holsteinische Landtag
|
||||
x.x.x.x | 2021-09-23 | AS 49756 | Der Schleswig Holsteinische Landtag
|
||||
x.x.x.x | 2021-09-23 | AS 49756 | Der Schleswig Holsteinische Landtag
|
||||
80.65.211.3 | 2021-09-23 | AS 206446 | ACTIVECLOUD, IL
|
||||
45.94.56.178 | 2021-09-23 | AS 212416 | PROXIMITY, BG
|
||||
136.243.115.61 | 2021-09-23 | AS 24940 | HETZNER-AS, DE
|
||||
157.90.189.94 | 2021-09-23 | AS 24940 | HETZNER-AS, DE
|
||||
157.90.76.114 | 2021-09-23 | AS 24940 | HETZNER-AS, DE
|
||||
159.69.162.94 | 2021-09-23 | AS 24940 | HETZNER-AS, DE
|
||||
168.119.86.233 | 2021-09-23 | AS 24940 | HETZNER-AS, DE
|
||||
178.210.96.20 | 2021-09-23 | AS 25394 | MK-NETZDIENSTE-AS, DE
|
||||
134.93.14.135 | 2021-09-23 | AS 2857 | RLP-NET, DE
|
||||
151.106.61.214 | 2021-09-23 | AS 29066 | VELIANET-AS velia.net Internetdienste GmbH, DE
|
||||
129.206.22.167 | 2021-09-23 | AS 553 | BELWUE BelWue-Koordination, DE
|
||||
129.206.22.179 | 2021-09-23 | AS 553 | BELWUE BelWue-Koordination, DE
|
||||
129.206.45.245 | 2021-09-23 | AS 553 | BELWUE BelWue-Koordination, DE
|
||||
194.173.105.211 | 2021-09-23 | AS 702 | UUNET, US
|
||||
@ -0,0 +1,7 @@
|
||||
|
||||
Country: EG / vmware_vcenter_rce CVE-2021-22005
|
||||
Total IPs: 1
|
||||
|
||||
IP | ScanDate | AS | AS_DESC
|
||||
-----------------+------------+-----------+--------------------------------------------
|
||||
41.33.65.196 | 2021-09-23 | AS 8452 | TE-AS TE-AS, EG
|
||||
@ -0,0 +1,20 @@
|
||||
|
||||
Country: FR / vmware_vcenter_rce CVE-2021-22005
|
||||
Total IPs: 14
|
||||
|
||||
IP | ScanDate | AS | AS_DESC
|
||||
-----------------+------------+-----------+--------------------------------------------
|
||||
78.194.234.24 | 2021-09-23 | AS 12322 | PROXAD, FR
|
||||
212.83.150.18 | 2021-09-23 | AS 12876 | Online SAS, FR
|
||||
62.210.9.73 | 2021-09-23 | AS 12876 | Online SAS, FR
|
||||
137.74.69.116 | 2021-09-23 | AS 16276 | OVH, FR
|
||||
164.132.20.66 | 2021-09-23 | AS 16276 | OVH, FR
|
||||
178.33.75.120 | 2021-09-23 | AS 16276 | OVH, FR
|
||||
213.32.48.68 | 2021-09-23 | AS 16276 | OVH, FR
|
||||
217.182.8.248 | 2021-09-23 | AS 16276 | OVH, FR
|
||||
37.59.251.93 | 2021-09-23 | AS 16276 | OVH, FR
|
||||
5.135.197.34 | 2021-09-23 | AS 16276 | OVH, FR
|
||||
51.195.228.207 | 2021-09-23 | AS 16276 | OVH, FR
|
||||
51.89.124.61 | 2021-09-23 | AS 16276 | OVH, FR
|
||||
54.37.120.1 | 2021-09-23 | AS 16276 | OVH, FR
|
||||
213.152.3.100 | 2021-09-23 | AS 8218 | NEO-ASN legacy Neotelecoms, FR
|
||||
@ -0,0 +1,7 @@
|
||||
|
||||
Country: GB / vmware_vcenter_rce CVE-2021-22005
|
||||
Total IPs: 1
|
||||
|
||||
IP | ScanDate | AS | AS_DESC
|
||||
-----------------+------------+-----------+--------------------------------------------
|
||||
163.172.199.46 | 2021-09-23 | AS 12876 | Online SAS, FR
|
||||
@ -0,0 +1,7 @@
|
||||
|
||||
Country: HU / vmware_vcenter_rce CVE-2021-22005
|
||||
Total IPs: 1
|
||||
|
||||
IP | ScanDate | AS | AS_DESC
|
||||
-----------------+------------+-----------+--------------------------------------------
|
||||
94.199.176.220 | 2021-09-23 | AS 43711 | SZERVERNET-HU-AS, HU
|
||||
@ -0,0 +1,7 @@
|
||||
|
||||
Country: ID / vmware_vcenter_rce CVE-2021-22005
|
||||
Total IPs: 1
|
||||
|
||||
IP | ScanDate | AS | AS_DESC
|
||||
-----------------+------------+-----------+--------------------------------------------
|
||||
112.78.144.140 | 2021-09-23 | AS 17451 | BIZNET-AS-AP BIZNET NETWORKS, ID
|
||||
@ -0,0 +1,7 @@
|
||||
|
||||
Country: IN / vmware_vcenter_rce CVE-2021-22005
|
||||
Total IPs: 1
|
||||
|
||||
IP | ScanDate | AS | AS_DESC
|
||||
-----------------+------------+-----------+--------------------------------------------
|
||||
125.19.36.115 | 2021-09-23 | AS 9498 | BBIL-AP BHARTI Airtel Ltd., IN
|
||||
@ -0,0 +1,10 @@
|
||||
|
||||
Country: IR / vmware_vcenter_rce CVE-2021-22005
|
||||
Total IPs: 4
|
||||
|
||||
IP | ScanDate | AS | AS_DESC
|
||||
-----------------+------------+-----------+--------------------------------------------
|
||||
185.165.31.176 | 2021-09-23 | AS 201691 | WEIDE, IR
|
||||
193.111.234.6 | 2021-09-23 | AS 43754 | ASIATECH, IR
|
||||
37.156.145.94 | 2021-09-23 | AS 43754 | ASIATECH, IR
|
||||
82.99.217.237 | 2021-09-23 | AS 60976 | POL, IR
|
||||
@ -0,0 +1,7 @@
|
||||
|
||||
Country: IT / vmware_vcenter_rce CVE-2021-22005
|
||||
Total IPs: 1
|
||||
|
||||
IP | ScanDate | AS | AS_DESC
|
||||
-----------------+------------+-----------+--------------------------------------------
|
||||
151.1.140.240 | 2021-09-23 | AS 3242 | ASN-ITNET, IT
|
||||
@ -0,0 +1,7 @@
|
||||
|
||||
Country: JO / vmware_vcenter_rce CVE-2021-22005
|
||||
Total IPs: 1
|
||||
|
||||
IP | ScanDate | AS | AS_DESC
|
||||
-----------------+------------+-----------+--------------------------------------------
|
||||
212.118.31.34 | 2021-09-23 | AS 9038 | BAT-AS9038, JO
|
||||
@ -0,0 +1,8 @@
|
||||
|
||||
Country: KR / vmware_vcenter_rce CVE-2021-22005
|
||||
Total IPs: 2
|
||||
|
||||
IP | ScanDate | AS | AS_DESC
|
||||
-----------------+------------+-----------+--------------------------------------------
|
||||
183.111.188.84 | 2021-09-23 | AS 4766 | KIXS-AS-KR Korea Telecom, KR
|
||||
210.105.193.29 | 2021-09-23 | AS 4766 | KIXS-AS-KR Korea Telecom, KR
|
||||
@ -0,0 +1,7 @@
|
||||
|
||||
Country: MX / vmware_vcenter_rce CVE-2021-22005
|
||||
Total IPs: 1
|
||||
|
||||
IP | ScanDate | AS | AS_DESC
|
||||
-----------------+------------+-----------+--------------------------------------------
|
||||
45.164.137.21 | 2021-09-23 | AS 265556 | CONSORTIA TIC S. DE R.L. DE C.V., MX
|
||||
@ -0,0 +1,8 @@
|
||||
|
||||
Country: MY / vmware_vcenter_rce CVE-2021-22005
|
||||
Total IPs: 2
|
||||
|
||||
IP | ScanDate | AS | AS_DESC
|
||||
-----------------+------------+-----------+--------------------------------------------
|
||||
123.100.226.116 | 2021-09-23 | AS 136170 | EXBCOID-AS-AP PT. EXABYTES NETWORK INDONESIA, ID
|
||||
212.8.231.97 | 2021-09-23 | AS 45352 | IPSERVERONE-AS-AP IP ServerOne Solutions Sdn Bhd, MY
|
||||
@ -0,0 +1,8 @@
|
||||
|
||||
Country: NL / vmware_vcenter_rce CVE-2021-22005
|
||||
Total IPs: 2
|
||||
|
||||
IP | ScanDate | AS | AS_DESC
|
||||
-----------------+------------+-----------+--------------------------------------------
|
||||
195.242.98.204 | 2021-09-23 | AS 60781 | LEASEWEB-NL-AMS-01 Netherlands, NL
|
||||
23.109.113.4 | 2021-09-23 | AS 7979 | SERVERS-COM, US
|
||||
@ -0,0 +1,7 @@
|
||||
|
||||
Country: PK / vmware_vcenter_rce CVE-2021-22005
|
||||
Total IPs: 1
|
||||
|
||||
IP | ScanDate | AS | AS_DESC
|
||||
-----------------+------------+-----------+--------------------------------------------
|
||||
103.121.121.22 | 2021-09-23 | AS 131275 | LBPL-AS-AP Logon Broadband Pvt. Limited, PK
|
||||
@ -0,0 +1,8 @@
|
||||
|
||||
Country: RO / vmware_vcenter_rce CVE-2021-22005
|
||||
Total IPs: 2
|
||||
|
||||
IP | ScanDate | AS | AS_DESC
|
||||
-----------------+------------+-----------+--------------------------------------------
|
||||
84.247.71.51 | 2021-09-23 | AS 12310 | INES Bucharest ROMANIA, RO
|
||||
195.82.149.214 | 2021-09-23 | AS 44875 | FIS-AS FRONTAL INTEGRATEG SOLUTIONS SRL, RO
|
||||
@ -0,0 +1,10 @@
|
||||
|
||||
Country: RU / vmware_vcenter_rce CVE-2021-22005
|
||||
Total IPs: 4
|
||||
|
||||
IP | ScanDate | AS | AS_DESC
|
||||
-----------------+------------+-----------+--------------------------------------------
|
||||
185.172.136.177 | 2021-09-23 | AS 206905 | NII-SOKB, RU
|
||||
95.213.231.29 | 2021-09-23 | AS 50340 | SELECTEL-MSK, RU
|
||||
185.111.218.112 | 2021-09-23 | AS 61400 | NETRACK-AS, RU
|
||||
185.108.5.4 | 2021-09-23 | AS 62415 | MARKTEL, RU
|
||||
@ -0,0 +1,7 @@
|
||||
|
||||
Country: SA / vmware_vcenter_rce CVE-2021-22005
|
||||
Total IPs: 1
|
||||
|
||||
IP | ScanDate | AS | AS_DESC
|
||||
-----------------+------------+-----------+--------------------------------------------
|
||||
86.51.52.217 | 2021-09-23 | AS 35819 | MOBILY-AS Etihad Etisalat Company Mobily, SA
|
||||
@ -0,0 +1,7 @@
|
||||
|
||||
Country: SG / vmware_vcenter_rce CVE-2021-22005
|
||||
Total IPs: 1
|
||||
|
||||
IP | ScanDate | AS | AS_DESC
|
||||
-----------------+------------+-----------+--------------------------------------------
|
||||
203.126.144.160 | 2021-09-23 | AS 3758 | SINGNET SingNet, SG
|
||||
@ -0,0 +1,11 @@
|
||||
|
||||
Country: TH / vmware_vcenter_rce CVE-2021-22005
|
||||
Total IPs: 5
|
||||
|
||||
IP | ScanDate | AS | AS_DESC
|
||||
-----------------+------------+-----------+--------------------------------------------
|
||||
161.82.170.110 | 2021-09-23 | AS 132280 | SYMPHONY-AP-TH Symphony Communication Thailand PCL., TH
|
||||
96.30.124.197 | 2021-09-23 | AS 132280 | SYMPHONY-AP-TH Symphony Communication Thailand PCL., TH
|
||||
203.158.192.79 | 2021-09-23 | AS 37932 | RMUTI-AS-AP Rajamangala University of Technology Isan, TH
|
||||
122.154.60.178 | 2021-09-23 | AS 9464 | PSU-TH-AS-AP Prince of Songkla University SritrangNET, TH
|
||||
122.154.60.29 | 2021-09-23 | AS 9464 | PSU-TH-AS-AP Prince of Songkla University SritrangNET, TH
|
||||
@ -0,0 +1,12 @@
|
||||
|
||||
Country: TR / vmware_vcenter_rce CVE-2021-22005
|
||||
Total IPs: 6
|
||||
|
||||
IP | ScanDate | AS | AS_DESC
|
||||
-----------------+------------+-----------+--------------------------------------------
|
||||
89.252.188.219 | 2021-09-23 | AS 203576 | INTERNETBILISIM, TR
|
||||
45.10.59.168 | 2021-09-23 | AS 211557 | TAYTEKNOLOJI, TR
|
||||
213.238.178.132 | 2021-09-23 | AS 212953 | MRS-BILISIM, TR
|
||||
185.150.130.32 | 2021-09-23 | AS 3188 | ALASTYR, TR
|
||||
185.51.114.20 | 2021-09-23 | AS 34984 | TELLCOM-AS, TR
|
||||
46.20.3.190 | 2021-09-23 | AS 43260 | AS43260, TR
|
||||
@ -0,0 +1,7 @@
|
||||
|
||||
Country: TW / vmware_vcenter_rce CVE-2021-22005
|
||||
Total IPs: 1
|
||||
|
||||
IP | ScanDate | AS | AS_DESC
|
||||
-----------------+------------+-----------+--------------------------------------------
|
||||
123.51.250.154 | 2021-09-23 | AS 9919 | NCIC-TW New Century InfoComm Tech Co., Ltd., TW
|
||||
@ -0,0 +1,28 @@
|
||||
|
||||
Country: US / vmware_vcenter_rce CVE-2021-22005
|
||||
Total IPs: 22
|
||||
|
||||
IP | ScanDate | AS | AS_DESC
|
||||
-----------------+------------+-----------+--------------------------------------------
|
||||
24.206.39.141 | 2021-09-23 | AS 11426 | TWC-11426-CAROLINAS, US
|
||||
75.177.137.74 | 2021-09-23 | AS 11426 | TWC-11426-CAROLINAS, US
|
||||
98.156.120.147 | 2021-09-23 | AS 11427 | TWC-11427-TEXAS, US
|
||||
24.117.93.62 | 2021-09-23 | AS 11492 | CABLEONE, US
|
||||
38.74.1.189 | 2021-09-23 | AS 12212 | RAVAND, CA
|
||||
154.61.66.28 | 2021-09-23 | AS 174 | COGENT-174, US
|
||||
204.62.193.52 | 2021-09-23 | AS 174 | COGENT-174, US
|
||||
50.7.238.133 | 2021-09-23 | AS 174 | COGENT-174, US
|
||||
71.87.15.57 | 2021-09-23 | AS 20115 | CHARTER-20115, US
|
||||
149.11.73.24 | 2021-09-23 | AS 206652 | GREEKSTREAM-AS GREEKSTREAM NETWORKS, GR
|
||||
74.174.144.24 | 2021-09-23 | AS 2386 | INS-AS, US
|
||||
107.155.106.251 | 2021-09-23 | AS 29802 | HVC-AS, US
|
||||
8.19.245.192 | 2021-09-23 | AS 3356 | LEVEL3, US
|
||||
50.225.8.210 | 2021-09-23 | AS 33659 | CMCS, US
|
||||
208.108.137.215 | 2021-09-23 | AS 394399 | LACA-ASN, US
|
||||
104.233.146.244 | 2021-09-23 | AS 54600 | PEGTECHINC, US
|
||||
12.205.25.181 | 2021-09-23 | AS 7018 | ATT-INTERNET4, US
|
||||
209.132.197.126 | 2021-09-23 | AS 7296 | ALCHEMYNET, US
|
||||
24.127.52.147 | 2021-09-23 | AS 7922 | COMCAST-7922, US
|
||||
50.193.139.97 | 2021-09-23 | AS 7922 | COMCAST-7922, US
|
||||
50.205.180.23 | 2021-09-23 | AS 7922 | COMCAST-7922, US
|
||||
50.77.242.166 | 2021-09-23 | AS 7922 | COMCAST-7922, US
|
||||
@ -0,0 +1,12 @@
|
||||
|
||||
Country: VN / vmware_vcenter_rce CVE-2021-22005
|
||||
Total IPs: 6
|
||||
|
||||
IP | ScanDate | AS | AS_DESC
|
||||
-----------------+------------+-----------+--------------------------------------------
|
||||
103.74.121.234 | 2021-09-23 | AS 135967 | BKNS-AS-VN Bach Kim Network solutions Join stock company, VN
|
||||
103.45.230.41 | 2021-09-23 | AS 24085 | QTSC-AS-VN Quang Trung Software City Development Company, VN
|
||||
171.244.15.35 | 2021-09-23 | AS 38731 | VTDC-AS-VN Vietel - CHT Compamy Ltd, VN
|
||||
101.99.3.48 | 2021-09-23 | AS 38732 | CMCTELECOM-AS-VN CMC Telecom Infrastructure Company, VN
|
||||
103.21.151.150 | 2021-09-23 | AS 38732 | CMCTELECOM-AS-VN CMC Telecom Infrastructure Company, VN
|
||||
222.255.117.2 | 2021-09-23 | AS 45899 | VNPT-AS-VN VNPT Corp, VN
|
||||
234
CVE_VULN_FEED/CVE-2021-22005-vmware_vcenter_rce/summary.md
Обычный файл
234
CVE_VULN_FEED/CVE-2021-22005-vmware_vcenter_rce/summary.md
Обычный файл
@ -0,0 +1,234 @@
|
||||
|
||||
|
||||
~~~
|
||||
|
||||
SUMMARY for vmware_vcenter_rce / CVE-2021-22005
|
||||
|
||||
IPs : 107
|
||||
Networks : 102
|
||||
ASNs : 77
|
||||
Countries : 28
|
||||
|
||||
|
||||
Top 100 ASNs
|
||||
|
||||
ASN_NR | Count | ASNName
|
||||
----------+--------+-----------------------------------
|
||||
16276 | 12 | OVH, FR
|
||||
24940 | 5 | HETZNER-AS, DE
|
||||
7922 | 4 | COMCAST-7922, US
|
||||
12876 | 3 | Online SAS, FR
|
||||
174 | 3 | COGENT-174, US
|
||||
553 | 3 | BELWUE BelWue-Koordination, DE
|
||||
11426 | 2 | TWC-11426-CAROLINAS, US
|
||||
132280 | 2 | SYMPHONY-AP-TH Symphony Communication Thailand PCL., TH
|
||||
38732 | 2 | CMCTELECOM-AS-VN CMC Telecom Infrastructure Company, VN
|
||||
43754 | 2 | ASIATECH, IR
|
||||
4766 | 2 | KIXS-AS-KR Korea Telecom, KR
|
||||
9464 | 2 | PSU-TH-AS-AP Prince of Songkla University SritrangNET, TH
|
||||
11427 | 1 | TWC-11427-TEXAS, US
|
||||
11492 | 1 | CABLEONE, US
|
||||
12212 | 1 | RAVAND, CA
|
||||
12310 | 1 | INES Bucharest ROMANIA, RO
|
||||
12322 | 1 | PROXAD, FR
|
||||
131275 | 1 | LBPL-AS-AP Logon Broadband Pvt. Limited, PK
|
||||
135967 | 1 | BKNS-AS-VN Bach Kim Network solutions Join stock company, VN
|
||||
136170 | 1 | EXBCOID-AS-AP PT. EXABYTES NETWORK INDONESIA, ID
|
||||
17451 | 1 | BIZNET-AS-AP BIZNET NETWORKS, ID
|
||||
20115 | 1 | CHARTER-20115, US
|
||||
201691 | 1 | WEIDE, IR
|
||||
203576 | 1 | INTERNETBILISIM, TR
|
||||
206446 | 1 | ACTIVECLOUD, IL
|
||||
206652 | 1 | GREEKSTREAM-AS GREEKSTREAM NETWORKS, GR
|
||||
206905 | 1 | NII-SOKB, RU
|
||||
211557 | 1 | TAYTEKNOLOJI, TR
|
||||
212416 | 1 | PROXIMITY, BG
|
||||
212953 | 1 | MRS-BILISIM, TR
|
||||
2386 | 1 | INS-AS, US
|
||||
24085 | 1 | QTSC-AS-VN Quang Trung Software City Development Company, VN
|
||||
25394 | 1 | MK-NETZDIENSTE-AS, DE
|
||||
262287 | 1 | Maxihost LTDA, BR
|
||||
265440 | 1 | Telnet Sistemas e Comunicacoes, BR
|
||||
265556 | 1 | CONSORTIA TIC S. DE R.L. DE C.V., MX
|
||||
28220 | 1 | CABO SERVICOS DE TELECOMUNICACOES LTDA, BR
|
||||
2857 | 1 | RLP-NET, DE
|
||||
28580 | 1 | CILNET Comunicacao e Informatica LTDA., BR
|
||||
29066 | 1 | VELIANET-AS velia.net Internetdienste GmbH, DE
|
||||
29802 | 1 | HVC-AS, US
|
||||
3188 | 1 | ALASTYR, TR
|
||||
3242 | 1 | ASN-ITNET, IT
|
||||
3356 | 1 | LEVEL3, US
|
||||
33659 | 1 | CMCS, US
|
||||
34984 | 1 | TELLCOM-AS, TR
|
||||
35819 | 1 | MOBILY-AS Etihad Etisalat Company Mobily, SA
|
||||
3758 | 1 | SINGNET SingNet, SG
|
||||
37932 | 1 | RMUTI-AS-AP Rajamangala University of Technology Isan, TH
|
||||
38731 | 1 | VTDC-AS-VN Vietel - CHT Compamy Ltd, VN
|
||||
394399 | 1 | LACA-ASN, US
|
||||
397423 | 1 | TIER-NET, US
|
||||
43260 | 1 | AS43260, TR
|
||||
43711 | 1 | SZERVERNET-HU-AS, HU
|
||||
44875 | 1 | FIS-AS FRONTAL INTEGRATEG SOLUTIONS SRL, RO
|
||||
45352 | 1 | IPSERVERONE-AS-AP IP ServerOne Solutions Sdn Bhd, MY
|
||||
45899 | 1 | VNPT-AS-VN VNPT Corp, VN
|
||||
48011 | 1 | DIGITURUNC, TR
|
||||
50340 | 1 | SELECTEL-MSK, RU
|
||||
52893 | 1 | F1-Solutions Desenvolvimento para Web, BR
|
||||
54600 | 1 | PEGTECHINC, US
|
||||
60781 | 1 | LEASEWEB-NL-AMS-01 Netherlands, NL
|
||||
60976 | 1 | POL, IR
|
||||
61400 | 1 | NETRACK-AS, RU
|
||||
61868 | 1 | NETFACIL INTERNET VIA RADIO E INFORMATICA LTDA - M, BR
|
||||
62415 | 1 | MARKTEL, RU
|
||||
6327 | 1 | SHAW, CA
|
||||
7018 | 1 | ATT-INTERNET4, US
|
||||
702 | 1 | UUNET, US
|
||||
7296 | 1 | ALCHEMYNET, US
|
||||
7979 | 1 | SERVERS-COM, US
|
||||
812 | 1 | ROGERS-COMMUNICATIONS, CA
|
||||
8218 | 1 | NEO-ASN legacy Neotelecoms, FR
|
||||
8452 | 1 | TE-AS TE-AS, EG
|
||||
9038 | 1 | BAT-AS9038, JO
|
||||
9498 | 1 | BBIL-AP BHARTI Airtel Ltd., IN
|
||||
9919 | 1 | NCIC-TW New Century InfoComm Tech Co., Ltd., TW
|
||||
|
||||
Top 100 Countries
|
||||
Country | Count
|
||||
--------+-----------
|
||||
US | 22
|
||||
FR | 14
|
||||
DE | 14
|
||||
VN | 6
|
||||
TR | 6
|
||||
BR | 6
|
||||
TH | 5
|
||||
CA | 4
|
||||
IR | 4
|
||||
RU | 4
|
||||
RO | 2
|
||||
MY | 2
|
||||
KR | 2
|
||||
NL | 2
|
||||
GB | 1
|
||||
PK | 1
|
||||
ID | 1
|
||||
MX | 1
|
||||
IT | 1
|
||||
SA | 1
|
||||
SG | 1
|
||||
CL | 1
|
||||
HU | 1
|
||||
BG | 1
|
||||
EG | 1
|
||||
JO | 1
|
||||
IN | 1
|
||||
TW | 1
|
||||
|
||||
Top 100 Networks
|
||||
NW | Count | NetworkName
|
||||
------------------+--------+-----------------------------------
|
||||
129.206.0.0/16 | 3 | BELWUE BelWue-Koordination, DE
|
||||
157.90.0.0/16 | 2 | HETZNER-AS, DE
|
||||
50.128.0.0/9 | 2 | COMCAST-7922, US
|
||||
122.154.60.0/23 | 2 | PSU-TH-AS-AP Prince of Songkla University SritrangNET, TH
|
||||
24.206.32.0/19 | 1 | TWC-11426-CAROLINAS, US
|
||||
75.176.0.0/15 | 1 | TWC-11426-CAROLINAS, US
|
||||
98.156.0.0/16 | 1 | TWC-11427-TEXAS, US
|
||||
24.117.93.0/24 | 1 | CABLEONE, US
|
||||
38.74.1.0/24 | 1 | RAVAND, CA
|
||||
84.247.64.0/18 | 1 | INES Bucharest ROMANIA, RO
|
||||
78.192.0.0/11 | 1 | PROXAD, FR
|
||||
163.172.0.0/16 | 1 | Online SAS, FR
|
||||
212.83.128.0/19 | 1 | Online SAS, FR
|
||||
62.210.0.0/16 | 1 | Online SAS, FR
|
||||
103.121.121.0/24 | 1 | LBPL-AS-AP Logon Broadband Pvt. Limited, PK
|
||||
161.82.168.0/21 | 1 | SYMPHONY-AP-TH Symphony Communication Thailand PCL., TH
|
||||
96.30.124.0/24 | 1 | SYMPHONY-AP-TH Symphony Communication Thailand PCL., TH
|
||||
103.74.120.0/23 | 1 | BKNS-AS-VN Bach Kim Network solutions Join stock company, VN
|
||||
123.100.226.0/24 | 1 | EXBCOID-AS-AP PT. EXABYTES NETWORK INDONESIA, ID
|
||||
137.74.0.0/16 | 1 | OVH, FR
|
||||
142.44.128.0/17 | 1 | OVH, FR
|
||||
144.217.0.0/16 | 1 | OVH, FR
|
||||
164.132.0.0/16 | 1 | OVH, FR
|
||||
178.32.0.0/15 | 1 | OVH, FR
|
||||
213.32.0.0/17 | 1 | OVH, FR
|
||||
217.182.0.0/16 | 1 | OVH, FR
|
||||
37.59.0.0/16 | 1 | OVH, FR
|
||||
5.135.0.0/16 | 1 | OVH, FR
|
||||
51.195.0.0/16 | 1 | OVH, FR
|
||||
51.89.0.0/16 | 1 | OVH, FR
|
||||
54.37.0.0/16 | 1 | OVH, FR
|
||||
154.48.0.0/12 | 1 | COGENT-174, US
|
||||
204.62.193.0/24 | 1 | COGENT-174, US
|
||||
50.7.238.0/23 | 1 | COGENT-174, US
|
||||
112.78.128.0/18 | 1 | BIZNET-AS-AP BIZNET NETWORKS, ID
|
||||
71.87.0.0/20 | 1 | CHARTER-20115, US
|
||||
185.165.31.0/24 | 1 | WEIDE, IR
|
||||
89.252.188.0/24 | 1 | INTERNETBILISIM, TR
|
||||
80.65.211.0/24 | 1 | ACTIVECLOUD, IL
|
||||
149.11.73.0/24 | 1 | GREEKSTREAM-AS GREEKSTREAM NETWORKS, GR
|
||||
185.172.136.0/22 | 1 | NII-SOKB, RU
|
||||
45.10.59.0/24 | 1 | TAYTEKNOLOJI, TR
|
||||
45.94.56.0/24 | 1 | PROXIMITY, BG
|
||||
213.238.178.0/24 | 1 | MRS-BILISIM, TR
|
||||
74.174.144.0/21 | 1 | INS-AS, US
|
||||
103.45.230.0/24 | 1 | QTSC-AS-VN Quang Trung Software City Development Company, VN
|
||||
136.243.0.0/16 | 1 | HETZNER-AS, DE
|
||||
159.69.0.0/16 | 1 | HETZNER-AS, DE
|
||||
168.119.0.0/16 | 1 | HETZNER-AS, DE
|
||||
178.210.96.0/19 | 1 | MK-NETZDIENSTE-AS, DE
|
||||
177.54.157.0/24 | 1 | Maxihost LTDA, BR
|
||||
168.194.201.0/24 | 1 | Telnet Sistemas e Comunicacoes, BR
|
||||
45.164.137.0/24 | 1 | CONSORTIA TIC S. DE R.L. DE C.V., MX
|
||||
189.124.128.0/17 | 1 | CABO SERVICOS DE TELECOMUNICACOES LTDA, BR
|
||||
134.93.0.0/16 | 1 | RLP-NET, DE
|
||||
138.122.71.0/24 | 1 | CILNET Comunicacao e Informatica LTDA., BR
|
||||
151.106.48.0/20 | 1 | VELIANET-AS velia.net Internetdienste GmbH, DE
|
||||
107.155.106.0/24 | 1 | HVC-AS, US
|
||||
185.150.130.0/24 | 1 | ALASTYR, TR
|
||||
151.1.128.0/18 | 1 | ASN-ITNET, IT
|
||||
8.16.0.0/12 | 1 | LEVEL3, US
|
||||
50.225.8.0/24 | 1 | CMCS, US
|
||||
185.51.114.0/24 | 1 | TELLCOM-AS, TR
|
||||
86.51.0.0/16 | 1 | MOBILY-AS Etihad Etisalat Company Mobily, SA
|
||||
203.126.0.0/16 | 1 | SINGNET SingNet, SG
|
||||
203.158.192.0/22 | 1 | RMUTI-AS-AP Rajamangala University of Technology Isan, TH
|
||||
171.244.12.0/22 | 1 | VTDC-AS-VN Vietel - CHT Compamy Ltd, VN
|
||||
101.99.3.0/24 | 1 | CMCTELECOM-AS-VN CMC Telecom Infrastructure Company, VN
|
||||
103.21.151.0/24 | 1 | CMCTELECOM-AS-VN CMC Telecom Infrastructure Company, VN
|
||||
208.108.137.0/24 | 1 | LACA-ASN, US
|
||||
191.96.166.0/24 | 1 | TIER-NET, US
|
||||
46.20.3.0/24 | 1 | AS43260, TR
|
||||
94.199.176.0/24 | 1 | SZERVERNET-HU-AS, HU
|
||||
193.111.234.0/24 | 1 | ASIATECH, IR
|
||||
37.156.145.0/24 | 1 | ASIATECH, IR
|
||||
195.82.148.0/23 | 1 | FIS-AS FRONTAL INTEGRATEG SOLUTIONS SRL, RO
|
||||
212.8.231.0/24 | 1 | IPSERVERONE-AS-AP IP ServerOne Solutions Sdn Bhd, MY
|
||||
222.255.117.0/24 | 1 | VNPT-AS-VN VNPT Corp, VN
|
||||
183.104.0.0/13 | 1 | KIXS-AS-KR Korea Telecom, KR
|
||||
210.105.0.0/16 | 1 | KIXS-AS-KR Korea Telecom, KR
|
||||
81.161.236.0/24 | 1 | DIGITURUNC, TR
|
||||
95.213.231.0/24 | 1 | SELECTEL-MSK, RU
|
||||
177.37.48.0/24 | 1 | F1-Solutions Desenvolvimento para Web, BR
|
||||
104.233.144.0/21 | 1 | PEGTECHINC, US
|
||||
195.242.98.0/23 | 1 | LEASEWEB-NL-AMS-01 Netherlands, NL
|
||||
82.99.217.0/24 | 1 | POL, IR
|
||||
185.111.218.0/24 | 1 | NETRACK-AS, RU
|
||||
45.226.195.0/24 | 1 | NETFACIL INTERNET VIA RADIO E INFORMATICA LTDA - M, BR
|
||||
185.108.5.0/24 | 1 | MARKTEL, RU
|
||||
72.2.32.0/22 | 1 | SHAW, CA
|
||||
12.128.0.0/9 | 1 | ATT-INTERNET4, US
|
||||
194.172.0.0/14 | 1 | UUNET, US
|
||||
209.132.197.0/24 | 1 | ALCHEMYNET, US
|
||||
24.126.0.0/15 | 1 | COMCAST-7922, US
|
||||
50.76.0.0/14 | 1 | COMCAST-7922, US
|
||||
23.109.113.0/24 | 1 | SERVERS-COM, US
|
||||
108.63.14.0/23 | 1 | ROGERS-COMMUNICATIONS, CA
|
||||
213.152.0.0/19 | 1 | NEO-ASN legacy Neotelecoms, FR
|
||||
41.33.0.0/17 | 1 | TE-AS TE-AS, EG
|
||||
212.118.16.0/20 | 1 | BAT-AS9038, JO
|
||||
|
||||
|
||||
~~~
|
||||
|
||||
|
||||
Двоичные данные
CVE_VULN_FEED/CVE-2021-22005-vmware_vcenter_rce/tlp_amber.png
Обычный файл
Двоичные данные
CVE_VULN_FEED/CVE-2021-22005-vmware_vcenter_rce/tlp_amber.png
Обычный файл
Двоичный файл не отображается.
|
После Ширина: | Высота: | Размер: 2.9 KiB |
Загрузка…
x
Ссылка в новой задаче
Block a user