< Back to all blog posts

GreyNoise Tag Round Up | September 14 - 30

Supriya Mazumdar

NEW TAGS:

Azure OMI RCE Attempt  [Intention: Malicious]

  • CVE-2021-38647, CVE-2021-38648, CVE-2021-38645, CVE-2021-38649
  • This IP address has been observed scanning the internet for WSMan Powershell providers without an Authorization header, a root RCE in Azure Open Management Infrastructure.
  • Sources: Wiz, Microsoft Security Response Center [1, 2, 3, 4]
  • See it on GreyNoise Viz

Azure OMI RCE Check [Intention: Unknown]

  • CVE-2021-38647, CVE-2021-38648, CVE-2021-38645, CVE-2021-38649
  • This IP address has been observed scanning the internet for WSMan Powershell providers without an Authorization header, but has not provided a valid SOAP XML Envelope payload.
  • Sources: Wiz, Microsoft Security Response Center [1, 2, 3, 4]
  • See it on GreyNoise Viz

VMWare VCSA File Upload Attempt  [Intention: Malicious]

  • CVE-2021-22005, CVE-2021-22017
  • This IP address has been observed attempting to exploit a remote file upload vulnerability in VMWare vCenter Server Appliance.
  • Sources: VMware [1, 2], MITRE [1, 2]
  • See it on GreyNoise Viz

VMWare VCSA File Upload Check [Intention: Unknown]

  • CVE-2021-22005, CVE-2021-22017
  • This IP address has been observed checking for the presence of a remote file upload vulnerability in VMWare vCenter Server Appliance.
  • Sources: VMware [1, 2], MITRE [1, 2]
  • See it on GreyNoise Viz

LDAP Crawler [Intention: Unknown]

Veeder-Root ATGs Crawler [Intention: Unknown]

VMware vCenter File Disclosure [Intention: Malicious]

PJL Crawler [Intention: Unknown]

PowerShell Generic Shell Attempt [Intention: Malicious]

  • This IP address has been observed attempting to spawn a generic PowerShell reverse or bind shell using the web request.
  • Sources: GitHub
  • See it on GreyNoise Viz

Cisco IMC Supervisor and UCS Director Backdoor [Intention: Malicious]

  • CVE-2019-1935
  • This IP address has been observed attempting to authenticate via SSH using default credentials for Cisco IMC Supervisor and Cisco UCS Director products.
  • Sources: NIST
  • See it on GreyNoise Viz
Tags
Roundup
Vulnerabilities