PoC Week 2024-02-11

Posted on Feb 11, 2024

The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count.

For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them.


  • Severity: 9.1 CRITICAL
  • Impacted Products: Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x)
  • Description: Command injection vulnerability allowing an authenticated administrator to execute arbitrary commands.
  • Remediation: Apply mitigations per vendor instructions or discontinue use if mitigations unavailable.
  • More Info: NVD - CVE-2024-21887
  • PoC: https://github.com/duy-31/CVE-2023-46805_CVE-2024-21887


  • Severity: 8.2 HIGH
  • Impacted Products: Ivanti ICS (9.x, 22.x) and Ivanti Policy Secure
  • Description: Authentication bypass in web component allows remote access to restricted resources by bypassing control checks.
  • Remediation: Apply mitigations per vendor instructions or discontinue use if mitigations are unavailable.
  • More Info: NVD - CVE-2023-46805
  • PoC: https://github.com/duy-31/CVE-2023-46805_CVE-2024-21887


  • Severity: 7.5 HIGH (NIST), 10.0 CRITICAL (GitLab Inc.)
  • Impacted Products: GitLab CE/EE versions from 16.1 before 16.1.6, 16.2 before 16.2.9, 16.3 before 16.3.7, 16.4 before 16.4.5, 16.5 before 16.5.6, 16.6 before 16.6.4, and 16.7 before 16.7.2
  • Description: User account password reset emails could be sent to an unverified email address.
  • Remediation: Update to a patched version as per GitLab’s advisory.
  • More Info: NVD - CVE-2023-7028
  • PoC: https://github.com/V1lu0/CVE-2023-7028


  • Severity: 7.5 HIGH (NIST), 9.4 CRITICAL (Citrix Systems, Inc.)
  • Impacted Products: NetScaler ADC and NetScaler Gateway in specific configurations
  • Description: Sensitive information disclosure in configured Gateway or AAA virtual server scenarios.
  • Remediation: Apply mitigations and address active sessions as per Citrix advisory or discontinue use if not possible.
  • More Info: NVD - CVE-2023-4966
  • PoC: https://github.com/assetnote/exploits/tree/main/citrix/CVE-2023-4966


  • Severity: 5.9 MEDIUM
  • Impacted Products: OpenSSH before 9.6, Dropbear, Erlang/OTP, PuTTY, AsyncSSH, and more
  • Description: Vulnerability in SSH transport protocol allows remote attackers to bypass integrity checks, leading to downgraded security features.
  • Remediation: Update affected products to patched versions.
  • More Info: NVD - CVE-2023-48795
  • PoC: https://github.com/RUB-NDS/Terrapin-Artifacts



This list was scraped from the quite amazing and highly recommended newsletters below:

Thanks for reading! For corrections, omissions (e.g. newsletter recs) feel free to get in touch.