PoC Week 2024-03-17

Posted on Mar 17, 2024

The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count.

For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them.

CVE-2024-21378

  • Severity: 8.0 HIGH
  • Impacted Products: Various versions of Microsoft 365 Apps, Office 2019, Office Long Term Servicing Channel 2021, Outlook 2016
  • Description: A vulnerability in Microsoft Outlook allowing remote code execution.
  • Remediation: Microsoft has released patches. Users are advised to apply updates as per the Microsoft Security Response Center.
  • More Info: NVD - CVE-2024-21378
  • PoC: https://github.com/d0rb/CVE-2024-21378

CVE-2022-26134

  • Severity: 9.8 CRITICAL
  • Impacted Products: Confluence Server and Data Center versions 1.3.0 to 7.18.1, with specific ranges affected.
  • Description: An OGNL injection vulnerability allowing unauthenticated arbitrary code execution.
  • Remediation: Updates are available for affected versions. Applying these updates is recommended.
  • More Info: NVD - CVE-2022-26134
  • PoC: https://github.com/abhishekmorla/CVE-2022-26134

CVE-2024-27199

  • Severity: 7.3 HIGH
  • Impacted Products: JetBrains TeamCity before 2023.11.4
  • Description: Path traversal vulnerability allowing limited admin actions.
  • Remediation: Update to version 2023.11.4 or later.
  • More Info: NVD - CVE-2024-27199
  • PoC: Rapid7 Blog

CVE-2024-27198

  • Severity: Critical (CNA score: 9.8)
  • Impacted Products: JetBrains TeamCity before 2023.11.4
  • Description: Authentication bypass allowing admin actions.
  • Remediation: Update to TeamCity version 2023.11.4 or newer.
  • More Info: NVD - CVE-2024-27198
  • PoC: Rapid7 Blog

CVE-2024-1403

  • Severity: Critical (CNA score: 10.0)
  • Impacted Products: OpenEdge Authentication Gateway and AdminServer prior to versions 11.7.19, 12.2.14, 12.8.1
  • Description: An authentication bypass vulnerability due to improper handling of username and password, allowing unauthorized access.
  • Remediation: Update to the specified versions or later.
  • More Info: NVD - CVE-2024-1403
  • PoC: https://github.com/horizon3ai/CVE-2024-1403/tree/main

CVE-2024-21762

  • Severity: 9.8 CRITICAL
  • Impacted Products: Fortinet FortiOS versions 7.4.0 to 7.4.2, 7.2.0 to 7.2.6, 7.0.0 to 7.0.13, 6.4.0 to 6.4.14, 6.2.0 to 6.2.15, 6.0.0 to 6.0.17, FortiProxy versions 7.4.0 to 7.4.2, 7.2.0 to 7.2.8, 7.0.0 to 7.0.14, 2.0.0 to 2.0.13, 1.2.0 to 1.2.13, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7
  • Description: Out-of-bounds write vulnerability enabling unauthorized code or command execution via crafted requests.
  • Remediation: Follow Fortinet’s instructions for mitigation, or discontinue use of the product if mitigations are not available.
  • More Info: NVD - CVE-2024-21762
  • PoC: Blog Post (Weixin - Chinese Language)

CVE-2024-21412

  • Severity: 8.1 HIGH
  • Impacted Products: Microsoft Windows, various versions
  • Description: Security feature bypass vulnerability in Internet Shortcut Files.
  • Remediation: Patch available. Users should apply updates as per Microsoft’s instructions.
  • More Info: NVD - CVE-2024-21412
  • PoC: TrendMicro Blog

CVE-2023-5528

  • Severity: 8.8 HIGH
  • Impacted Products: Kubernetes on Windows nodes using in-tree storage plugins
  • Description: Vulnerability allowing escalation to admin privileges via pod and persistent volume creation.
  • Remediation: Review Kubernetes advisories and apply recommended patches.
  • More Info: NVD - CVE-2023-5528
  • PoC: Akamai Blog

References

This list was scraped from the quite amazing and highly recommended newsletters below:

Thanks for reading! For corrections or omissions (e.g. newsletter recs), feel free to get in touch.