GreyNoise Tag Roundup | June 21 - July 16

New Tags

CVE-2020-36289

Tag: Jira User Enumeration Attempt [Intention: Unknown]

• This IP address has been observed attempting to use CVE-2020-36289 vulnerability and enumerate Jira users.
• Sources: NIST, Twitter
• See it on GreyNoise Viz

CVE-2021-1497, CVE-2021-1498

Tag: Cisco HyperFlex HX RCE Attempt [Intention: Malicious]

• This IP has been observed attempting to exploit CVE-2021-1497 and CVE-2021-1498, remote code execution vulnerabilities in Cisco HyperFlex HX Data Platform.
• Sources: MITRE [1, 2], Packet Storm Security, Zero Day Initiative
• See it on GreyNoise Viz

CVE-2021-1497, CVE-2021-1498

Tag: Cisco HyperFlex HX RCE Vuln Check [Intention: Unknown]

• This IP has been observed checking for the existence of CVE-2021-1497 and CVE-2021-1498, remote code execution vulnerabilities in Cisco HyperFlex HX Data Platform.
• Sources: MITRE [1, 2], Packet Storm Security, Zero Day Initiative
• See it on GreyNoise Viz

CVE-2020-35846, CVE-2020-35847, CVE-2020-35848

Cockpit CMS Command Injection [Intention: Malicious]

• This IP address has been observed attempting to exploit NoSQL command injection in Cockpit CMS.
• Sources: PT SWARM, NIST [1, 2, 3]
• See it on GreyNoise Viz

Recent Actor Tag

• CISA [Intention: Benign]

• Sources: CISA [1, 2], GitHub
• See it on GreyNoise Viz

Removed Tags

These tags have been removed because they no longer exist, scan, and/or can no longer be accurately identified

• ZeroShell RCE CVE-2009-0545