Sector Transportation

Timeframe: -28 days

Default Categories (62): Access Management Software, Accounting Software, Advertising Software, Anti-Malware Software, Anti-Spam Software, Application Server Software, Appointment Software, Automation Software, Backup Software, Billing Software, Business Process Management Software, Calendar Software, Cloud Software, Communications System, Connectivity Software, Customer Relationship Management System, Database Administration Software, Database Software, Directory Service Software, Document Management Software, Document Reader Software, E-Commerce Management Software, Enterprise Resource Planning Software, File Compression Software, File Transfer Software, Firewall Software, Groupware Software, Hardware Driver Software, Information Management Software, Log Management Software, Mail Client Software, Mail Server Software, Middleware, Multimedia Player Software, Network Attached Storage Software, Network Authentication Software, Network Management Software, Network Routing Software, Office Suite Software, Operating System, Presentation Software, Printing Software, Project Management Software, Remote Access Software, Reporting Software, Router Operating System, SCADA Software, Server Management Software, Service Management Software, Software Library, Spreadsheet Software, SSH Server Software, Ticket Tracking Software, Transport Management Software, Unified Communication Software, Video Surveillance Software, Virtualization Software, Web Browser, Web Server, Windowing System Software, Wireless LAN Software, Word Processing Software

Timeline

Vendor

Product

Linux Kernel: 280
Microsoft Windows: 98
Foxit PDF Reader: 48
Cisco IOS XE: 20
Juniper Junos OS: 20

Remediation

Official Fix: 670
Temporary Fix: 0
Workaround: 2
Unavailable: 0
Not Defined: 214

Exploitability

High: 4
Functional: 2
Proof-of-Concept: 24
Unproven: 120
Not Defined: 736

Access Vector

Not Defined: 0
Physical: 8
Local: 98
Adjacent: 326
Network: 454

Authentication

Not Defined: 0
High: 58
Low: 490
None: 338

User Interaction

Not Defined: 0
Required: 250
None: 636

C3BM Index

CVSSv3 Base

≤1: 0
≤2: 0
≤3: 22
≤4: 58
≤5: 198
≤6: 288
≤7: 144
≤8: 126
≤9: 48
≤10: 2

CVSSv3 Temp

≤1: 0
≤2: 0
≤3: 22
≤4: 68
≤5: 198
≤6: 370
≤7: 122
≤8: 92
≤9: 12
≤10: 2

VulDB

≤1: 0
≤2: 2
≤3: 28
≤4: 92
≤5: 198
≤6: 256
≤7: 146
≤8: 116
≤9: 46
≤10: 2

NVD

≤1: 886
≤2: 0
≤3: 0
≤4: 0
≤5: 0
≤6: 0
≤7: 0
≤8: 0
≤9: 0
≤10: 0

CNA

≤1: 642
≤2: 0
≤3: 0
≤4: 2
≤5: 38
≤6: 54
≤7: 40
≤8: 78
≤9: 28
≤10: 4

Vendor

≤1: 756
≤2: 0
≤3: 0
≤4: 0
≤5: 4
≤6: 16
≤7: 26
≤8: 50
≤9: 34
≤10: 0

Exploit 0-day

<1k: 38
<2k: 268
<5k: 30
<10k: 320
<25k: 108
<50k: 104
<100k: 18
≥100k: 0

Exploit Today

<1k: 260
<2k: 344
<5k: 110
<10k: 82
<25k: 82
<50k: 8
<100k: 0
≥100k: 0

Exploit Market Volume

IOB - Indicator of Behavior (1000)

Timeline

Language

en: 952
ja: 28
fr: 8
ru: 4
es: 4

Country

us: 428
gb: 102
jp: 42
de: 20
ch: 20

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Microsoft Windows: 18
SourceCodester Online Library System: 10
Linux Kernel: 8
Google Chrome: 6
code-projects Online Book System: 6

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | cym1102 nginxWebUI saveCmd handlePath weak authentication | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 3.85 | CVE-2024-3738 |
| 2 | PHPGurukul Small CRM Registration Page sql injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 2.86 | CVE-2024-3691 |
| 3 | cym1102 nginxWebUI upload privilege escalation | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 2.72 | CVE-2024-3739 |
| 4 | PHPGurukul Small CRM Change Password sql injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 2.52 | CVE-2024-3690 |
| 5 | cym1102 nginxWebUI reload exec privilege escalation | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 2.74 | CVE-2024-3740 |
| 6 | Xiamen Four-Faith RMP Router Management Platform sql injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 2.15 | CVE-2024-3688 |
| 7 | cym1102 nginxWebUI addOver findCountByQuery directory traversal | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 2.43 | CVE-2024-3737 |
| 8 | cym1102 nginxWebUI upload privilege escalation | 4.3 | 3.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 2.27 | CVE-2024-3736 |
| 9 | Vesystem Cloud Desktop fileupload2.php privilege escalation | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 2.32- | CVE-2024-3804 |
| 10 | Vesystem Cloud Desktop fileupload.php privilege escalation | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 2.05- | CVE-2024-3803 |
| 11 | Palo Alto Networks PAN-OS GlobalProtect privilege escalation | 8.9 | 8.7 | $0-$5k | $0-$5k | High | Official Fix | 0.00371 | 2.67 | CVE-2024-3400 |
| 12 | PuTTY ECDSA Nonce Generation information disclosure | 3.7 | 3.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.30+ | CVE-2024-31497 |
| 13 | Microsoft Windows Proxy Driver privilege escalation | 6.7 | 5.8 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00043 | 0.40 | CVE-2024-26234 |
| 14 | mysql2 readCodeFor privilege escalation | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.20 | CVE-2024-21508 |
| 15 | code-projects Online Book System index.php sql injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.18 | CVE-2024-3000 |
| 16 | Palo Alto Networks PAN-OS Packets denial of service | 7.5 | 7.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.11 | CVE-2024-3382 |
| 17 | SourceCodester Online Library System index.php cross site scripting | 3.5 | 3.2 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.07 | CVE-2024-3364 |
| 18 | Microsoft Outlook privilege escalation | 7.2 | 6.3 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00043 | 0.04 | CVE-2024-20670 |
| 19 | Rockwell Automation ControlLogix 5580 Fragmented Packet denial of service | 8.0 | 8.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.07+ | CVE-2024-3493 |
| 20 | SourceCodester Online Library System controller.php sql injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.07 | CVE-2024-3362 |

IOC - Indicator of Compromise (20)

These indicators of compromise highlight associated network ranges which are known to be part of research and attack activities.

| ID | IP range | Actor | Type | Confidence |
|---|---|---|---|---|
| 1 | 46.226.164.0/24 | Meduza Stealer | predictive | High |
| 2 | 54.38.234.0/24 | AsyncRAT | predictive | High |

TTP - Tactics, Techniques, Procedures (24)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1006 | CWE-22, CWE-23, CWE-35 | Path Traversal | predictive | High |
| 2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | predictive | High |
| 3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High |
| 4 | T1059 | CWE-94, CWE-1321 | Argument Injection | predictive | High |
| 5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High |

IOA - Indicator of Attack (119)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /admin/users_photo.php | predictive | High |
| 2 | File | /adminPage/conf/reload | predictive | High |
| 3 | File | /adminPage/conf/saveCmd | predictive | High |
| 4 | File | /adminPage/main/upload | predictive | High |
| 5 | File | /adminPage/www/addOver | predictive | High |
| 6 | File | /cart.php | predictive | Medium |
| 7 | File | /description.php | predictive | High |
| 8 | File | /Device/Device/GetDeviceInfoList?deviceCode=&searchField=&deviceState= | predictive | High |
| 9 | File | /etc/passwd | predictive | Medium |
| 10 | File | /index.php | predictive | Medium |
| 11 | File | /login | predictive | Low |
| 12 | File | /Product.php | predictive | Medium |
| 13 | File | /Public/webuploader/0.1.5/server/fileupload.php | predictive | High |
| 14 | File | /Public/webuploader/0.1.5/server/fileupload2.php | predictive | High |
| 15 | File | /sys/kernel/notes | predictive | High |
