GreyNoise Detects Active Exploitation of CVEs Mentioned in Black Basta’s Leaked Chat Logs
#BlackBastaGroup #CVE_2023_6875 #CVE_2024_3400 #CVE_2024_27198 #CVE_2024_24919 #CVE_2024_23897 #CVE_2024_1709 #CVE_2023_4966 #CVE_2023_42793 #CVE_2023_36845 #CVE_2023_36844 #CVE_2023_29357 #CVE_2023_22515 #CVE_2023_20198 #CVE_2022_41082 #CVE_2022_41040 #CVE_2022_37042 #CVE_2022_30525 #CVE_2022_27925 #CVE_2022_26134 #CVE_2022_22965 #CVE_2022_1388 #CVE_2021_44228 #CVE_2021_26855
https://www.greynoise.io/blog/greynoise-detects-active-exploitation-cves-black-bastas-leaked-chat-logs

As @iagox86 has pointed out for weeks now, the #Juniper RCE headlines on #CVE_2023-36844 and #CVE_2023_36845 consistently miss a pretty important point: All the known exploits land you in a restrictive BSD jail with no meaningful OS access. Rapid7 details one method for breakout in our analysis from early September, but oddly, nobody else seems to be acknowledging the caveat to exploitation (at least with known PoCs): https://attackerkb.com/topics/1PKX0CCXkX/cve-2023-36844/rapid7-analysis