The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count.

For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them.

CVE-2024-21762

• Severity: 9.8 CRITICAL
• Impacted Products: Fortinet FortiOS, FortiProxy various versions
• Description: Out-of-bounds write vulnerability enabling unauthorized code or command execution via crafted requests.
• Remediation: Follow Fortinet’s vendor instructions for mitigation or product discontinuation if not available.
• More Info: NVD - CVE-2024-21762
• PoC: https://github.com/d0rb/CVE-2024-21762

CVE-2017-5123

• Severity: 8.8 HIGH
• Impacted Products: Linux Kernel versions from 4.13 up to 4.13.7
• Description: Insufficient data validation in waitid allowed a user to escape sandboxes on Linux.
• Remediation: Apply patches from Linux kernel or vendor advisories.
• More Info: NVD - CVE-2017-5123
• PoC: https://github.com/h1bAna/CVE-2017-5123

CVE-2022-0492

• Severity: 7.8 HIGH
• Impacted Products: Linux Kernel versions from 2.6.24 up to 5.16
• Description: A flaw in Linux kernel’s cgroup_release_agent_write allows privilege escalation and namespace isolation bypass.
• Remediation: Update to a patched Linux Kernel version.
• More Info: NVD - CVE-2022-0492
• PoC: https://github.com/T1erno/CVE-2022-0492-Docker-Breakout-Checker-and-PoC

CVE-2022-0185

• Severity: 8.4 HIGH
• Impacted Products: Linux Kernel versions from 5.1 to 5.16
• Description: Heap-based buffer overflow in legacy_parse_param function, leading to potential privilege escalation.
• Remediation: Patch your Linux Kernel to a version that includes the fix for this vulnerability.
• More Info: NVD - CVE-2022-0185
• PoC: https://packetstormsecurity.com/files/165730/linuxslab-oob.tgz

CVE-2019-5736

• Severity: 8.6 HIGH
• Impacted Products: Docker before 18.09.2 and other products using runc
• Description: Attackers can overwrite the host runc binary to gain root access by exploiting file-descriptor mishandling related to /proc/self/exe.
• Remediation: Update Docker and runc to versions that include a fix for this vulnerability.
• More Info: NVD - CVE-2019-5736
• PoC: https://github.com/q3k/cve-2019-5736-poc

CVE-2024-28255

• Severity: 9.8 CRITICAL
• Impacted Products: OpenMetadata versions before 1.2.4
• Description: Vulnerability in OpenMetadata’s JwtFilter allows attackers to bypass authentication via path parameter exploitation, potentially leading to arbitrary SpEL expression injection.
• Remediation: Upgrade to OpenMetadata version 1.2.4 or later. No known workarounds.
• More Info: NVD - CVE-2024-28255
• PoC: https://github.com/open-metadata/OpenMetadata/security/advisories/GHSA-6wx7-qw5p-wh84

CVE-2024-27768

• Severity: 9.8 CRITICAL
• Impacted Products: Unitronics Unistream Unilogic versions before 1.35.227
• Description: Path Traversal vulnerability in Unitronics Unistream Unilogic could lead to Remote Code Execution (RCE).
• Remediation: Update to Unitronics Unistream Unilogic version 1.35.227 or later.
• More Info: NVD - CVE-2024-27768, Vulners.com
• PoC: https://claroty.com/team82/blog/new-critical-vulnerabilities-in-unitronics-unistream-devices-uncovered

CVE-2024-25153

• Severity: 9.8 CRITICAL
• Impacted Products: Fortra FileCatalyst Workflow 5.x, before version 5.1.6 Build 114
• Description: The vulnerability, found in the ‘ftpservlet’ of the FileCatalyst Workflow Web Portal, enables directory traversal. This allows for unauthorized file uploads outside the intended ‘uploadtemp’ directory, potentially leading to Remote Code Execution (RCE) on the server.
• Remediation: Users should update to Fortra FileCatalyst Workflow version 5.1.6 Build 114 or later to mitigate this vulnerability.
• More Info: NVD - CVE-2024-25153
• PoC: https://github.com/nettitude/CVE-2024-25153

CVE-2024-24578

• Severity: 10.0 CRITICAL
• Impacted Products: RaspberryMatic / OCCU versions before 3.75.6.20240316
• Description: Unauthenticated RCE in HMIPServer.jar due to no session id checks in FirmwareController, allowing full system compromise.
• Remediation: Update to version 3.75.6.20240316.
• More Info: NVD - CVE-2024-24578
• PoC: https://github.com/jens-maus/RaspberryMatic/security/advisories/GHSA-q967-q4j8-637h

CVE-2024-1071

• Severity: 9.8 CRITICAL
• Impacted Products: Ultimate Member WordPress plugin versions 2.1.3 to 2.8.2
• Description: SQL Injection vulnerability via ‘sorting’ parameter allows unauthenticated attackers to execute arbitrary SQL commands.
• Remediation: Update to a version later than 2.8.2.
• More Info: NVD - CVE-2024-1071
• PoC: https://github.com/gbrsh/CVE-2024-1071

CVE-2023-48788

• Severity: 9.3 CRITICAL
• Impacted Products: FortiClientEMS
• Description: Critical SQL Injection vulnerability allowing unauthenticated remote code execution.
• Remediation: Fortinet has issued patches for affected versions.
• More Info: Tenable®
• PoC: https://github.com/horizon3ai/CVE-2023-48788

CVE-2023-27997

• Severity: 9.8 CRITICAL
• Impacted Products: FortiOS versions up to 7.2.4, FortiProxy versions up to 7.2.3
• Description: Heap-based buffer overflow in SSL-VPN allows remote attackers to execute arbitrary code.
• Remediation: Update to the fixed versions as provided by Fortinet.
• More Info: NVD - CVE-2023-27997
• PoC: https://github.com/lexfo/xortigate-cve-2023-27997

CVE-2022-0811

• Severity: 8.8 HIGH
• Impacted Products: CRI-O versions 1.19.0 to 1.22.3
• Description: This vulnerability involves a flaw in CRI-O, allowing pod deployment rights on a Kubernetes cluster to escape a container and execute arbitrary code as root on the node.
• Remediation: Users are advised to update to fixed versions.
• More Info: NVD CVE-2022-0811
• PoC: https://www.crowdstrike.com/blog/cr8escape-new-vulnerability-discovered-in-cri-o-container-engine-cve-2022-0811

CVE-2021-22555

• Severity: 7.8 HIGH
• Impacted Products: Linux Kernel versions since v2.6.19-rc1 up to specific versions before the fix
• Description: A heap out-of-bounds write in net/netfilter/x_tables.c, affecting Linux since v2.6.19-rc1, allows an attacker to gain privileges or cause a DoS through heap memory corruption.
• Remediation: Apply patches available from Linux or vendor-specific advisories.
• More Info: NVD - CVE-2021-22555
• PoC: https://github.com/veritas501/CVE-2021-22555-PipeVersion

CVE-2016-5195

• Severity: 7.8 HIGH
• Impacted Products: Linux kernel versions 2.x through 4.x before 4.8.3
• Description: A race condition in mm/gup.c allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, known as “Dirty COW.”
• Remediation: Update to a version after 4.8.3, applying patches or following specific vendor advisories.
• More Info: NVD - CVE-2016-5195
• PoC: https://github.com/dirtycow/dirtycow.github.io/blob/master/pokemon.c

References

This list was scraped from the quite amazing and highly recommended newsletters below:

• ~this week in security~
• Unsupervised Learning
• @RISK
• Hive Five
• Vulnerable U
• tl;dr sec

Thanks for reading! For corrections, omissions (e.g. newsletter recs) feel free to get in touch.