PoC Week 2024-02-11

Posted on Feb 11, 2024

The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count.

For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them.

CVE-2024-21887

  • Severity: 9.1 CRITICAL
  • Impacted Products: Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x)
  • Description: Command injection vulnerability allowing an authenticated administrator to execute arbitrary commands.
  • Remediation: Apply mitigations per vendor instructions or discontinue use if mitigations are unavailable.
  • More Info: NVD - CVE-2024-21887
  • PoC: https://github.com/duy-31/CVE-2023-46805_CVE-2024-21887

CVE-2023-46805

  • Severity: 8.2 HIGH
  • Impacted Products: Ivanti ICS (9.x, 22.x) and Ivanti Policy Secure
  • Description: Authentication bypass in the web component allows a remote attacker to access restricted resources by bypassing control checks.
  • Remediation: Apply mitigations per vendor instructions or discontinue use if mitigations are unavailable.
  • More Info: NVD - CVE-2023-46805
  • PoC: https://github.com/duy-31/CVE-2023-46805_CVE-2024-21887

CVE-2023-7028

  • Severity: 7.5 HIGH (NIST), 10.0 CRITICAL (GitLab Inc.)
  • Impacted Products: GitLab CE/EE versions from 16.1 before 16.1.6, 16.2 before 16.2.9, 16.3 before 16.3.7, 16.4 before 16.4.5, 16.5 before 16.5.6, 16.6 before 16.6.4, and 16.7 before 16.7.2
  • Description: User account password reset emails could be sent to an unverified email address.
  • Remediation: Update to a patched version as per GitLab’s advisory.
  • More Info: NVD - CVE-2023-7028
  • PoC: https://github.com/V1lu0/CVE-2023-7028

CVE-2023-4966

  • Severity: 7.5 HIGH (NIST), 9.4 CRITICAL (Citrix Systems, Inc.)
  • Impacted Products: NetScaler ADC and NetScaler Gateway in specific configurations
  • Description: Sensitive information disclosure when the appliance is configured as a Gateway or an AAA virtual server.
  • Remediation: Apply mitigations and address active sessions as per Citrix advisory or discontinue use if not possible.
  • More Info: NVD - CVE-2023-4966
  • PoC: https://github.com/assetnote/exploits/tree/main/citrix/CVE-2023-4966

CVE-2023-48795

  • Severity: 5.9 MEDIUM
  • Impacted Products: OpenSSH before 9.6, Dropbear, Erlang/OTP, PuTTY, AsyncSSH, and more
  • Description: Vulnerability in the SSH transport protocol (the Terrapin attack) allows remote attackers to bypass integrity checks, resulting in downgraded security features.
  • Remediation: Update affected products to patched versions.
  • More Info: NVD - CVE-2023-48795
  • PoC: https://github.com/RUB-NDS/Terrapin-Artifacts

CVE-2023-46446

References

This list was scraped from the quite amazing and highly recommended newsletters below:

Thanks for reading! For corrections, omissions (e.g. newsletter recs) feel free to get in touch.