New Tags
CVE-2021-21985
Tag: VMware vSphere Client RCE Attempt [Intention: Malicious]
- This IP address has been observed sending requests that exploit CVE-2021-21985, a remote code execution vulnerability in VMware vSphere Client.
- Sources: VMware, NIST, AttackerKB, @alt3kx (GitHub PoC)
- See it on GreyNoise Viz
Tag: VMware vSphere Client RCE Vuln Check [Intention: Unknown]
- This IP has been observed checking for the existence of CVE-2021-21985, a remote code execution vulnerability in VMware vSphere Client.
- Sources: VMware, NIST, AttackerKB, @wvu (Twitter)
- See it on GreyNoise Viz
CVE-2021-28799
Tag: VMware ESXi OpenSLP RCE Attempt [Intention: Malicious]
- This IP address has been observed attempting to exploit CVE-2021-21974, a heap overflow vulnerability in VMware ESXi OpenSLP that can lead to remote code execution.
- Sources: VMware, Zero Day Initiative, @straight_blast (Medium, GitHub PoC)
- See it on GreyNoise Viz
Tag Improvements
As part of our process, our research team continues to clean up and improve on existing tags as new information or better processes are introduced.
Tag: Elasticsearch RCE Attempt [Intention: Malicious]
- This IP address has been observed sending requests that exploit CVE-2015-1427, an Elasticsearch code injection vulnerability.
- Sources: NIST, PoC Blog, GitHub
- See it on GreyNoise Viz
Recent Actor Tag
- Cyber Casa [Intention: Benign]
- Sources: CyberCasa
- See it on GreyNoise Viz
Removed Tags
These tags have been removed because they no longer exist, no longer scan, and/or can no longer be accurately identified.
- Swedish Defense Research Agency (FOI)
- Elasticsearch Worm
This article is a summary of the full, in-depth version on the GreyNoise Labs blog.
Read the full report