PoC Week 2024-04-14

Posted on Apr 14, 2024

The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count.

For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them.

CVE-2024-3094

Severity: 10.0 CRITICAL
Impacted Products: xz versions 5.6.0 and 5.6.1 are directly affected. The issue impacts various distributions and software packages relying on these versions of xz, including Debian testing, unstable, and experimental distributions, OpenSUSE Tumbleweed and OpenSUSE Micro OS, Alpine (versions prior to 5.6.1-r2), and Arch Linux among others.
Description: Malicious code was identified within the upstream tarballs of xz, starting with version 5.6.0. This code involves complex obfuscations allowing for the extraction of a prebuilt object file from a disguised test file within the source code. This file then alters specific functions in the liblzma code, resulting in a library that can intercept and modify data interactions.
Remediation: Users and administrators are advised to verify their version of xz and update to a non-compromised, safe version as soon as possible. Distros and software that bundled affected versions of xz have issued advisories and patches.
More Info: CVE-2024-3094
PoC: https://github.com/amlweems/xzbot

Severity: 10.0 CRITICAL
Impacted Products: Flowmon versions 11.x and 12.x prior to 11.1.14 and 12.3.5
Description: This vulnerability is an operating system command injection flaw identified in certain versions of Flowmon. An unauthenticated user can exploit this via the Flowmon management interface to execute arbitrary system commands.
Remediation: Users should update to Flowmon version 11.1.14 or 12.3.5 to address this vulnerability.
More Info: CVE-2024-2389
PoC: https://github.com/adhikara13/CVE-2024-2389

Severity: Currently Under Analysis
Impacted Products: D-Link DNS-320L, DNS-325, DNS-327L, DNS-340L up to firmware version 20240403
Description: A vulnerability classified as very critical, affecting the HTTP GET Request Handler, specifically in the file /cgi-bin/nas_sharing.cgi. The exact nature of the vulnerability is under analysis.
Remediation: Information on remediation is pending further analysis.
More Info: CVE-2024-3272
PoC: https://github.com/Chocapikk/CVE-2024-3273

Severity: Currently Under Analysis
Impacted Products: Rust standard library versions prior to 1.77.2
Description: The Rust standard library before version 1.77.2 improperly escapes arguments when invoking batch files using the .bat and .cmd file formats.
Remediation: Update to Rust standard library version 1.77.2 or later.
More Info: CVE-2024-24576
PoC: https://github.com/frostb1ten/CVE-2024-24576-PoC

Severity: 7.8 HIGH
Impacted Products:
- Debian-based systems including Debian Linux 4.0 and Ubuntu Linux versions 6.06, 7.04, 7.10, and 8.04
- OpenSSL versions from 0.9.8c-1 up to 0.9.8g
Description: The vulnerability stems from a weak random number generator in OpenSSL on Debian-based operating systems. This issue results in predictable numbers that could allow remote attackers to conduct brute force attacks against cryptographic keys.
Remediation: Users are advised to update to fixed versions of OpenSSL and affected operating systems. Debian and Ubuntu have released patches addressing this issue.
More Info: CVE-2008-0166
PoC: https://www.exploit-db.com/exploits/5720

Severity: Currently Under Analysis
Impacted Products: Certain versions of LG WebOS
Description: A command injection vulnerability exists in the getAudioMetadata method from the com.webos.service.attachedstoragemanager service on webOS version 4 through 7. A series of specially crafted requests can lead to command execution as the root user.
Remediation: Follow vendor advisories for updates.
More Info: CVE-2023-6319
PoC: https://github.com/illixion/root-my-webos-tv/tree/main

This list was scraped from the quite amazing and highly recommended newsletters below:

Thanks for reading! For corrections, omissions (e.g. newsletter recs) feel free to get in touch.