PoC Week 2024-05-05
The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count.
For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them.
CVE-2024-32651
- Severity: 10.0 CRITICAL
- Impacted Products: changedetection.io (specifically the use of Jinja2 for server-side template rendering)
- Description: This CVE identifies a critical Server Side Template Injection (SSTI) vulnerability in Jinja2 used by changedetection.io, which allows for Remote Command Execution (RCE) on the server host. This issue enables attackers to execute system commands unrestrictedly, potentially leading to a complete server takeover. The severity of the threat is escalated by the fact that no login is required to exploit this vulnerability, although the risk can be somewhat mitigated if the service is run behind authentication.
- Remediation: Implementing an authentication mechanism for accessing changedetection.io could help mitigate this vulnerability. Additionally, reviewing and sanitizing the template rendering process in Jinja2 to prevent template injection is advised.
- More Info: NVD CVE-2024-32651
- PoC: https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-4r7v-whpg-8rx3
CVE-2024-2389
- Severity: 10.0 CRITICAL
- Impacted Products: Flowmon versions 11.x and 12.x prior to 11.1.14 and 12.3.5
- Description: This vulnerability is an operating system command injection flaw identified in certain versions of Flowmon. An unauthenticated user can exploit this via the Flowmon management interface to execute arbitrary system commands.
- Remediation: Users should update to Flowmon version 11.1.14 or 12.3.5 to address this vulnerability.
- More Info: CVE-2024-2389
- PoC: https://github.com/adhikara13/CVE-2024-2389
CVE-2024-21111
- Severity: 7.8 HIGH
- Impacted Products: Oracle VM VirtualBox, Oracle Virtualization (Core component), versions prior to 7.0.16
- Description: This vulnerability allows a low privileged attacker with system logon access to the infrastructure running Oracle VM VirtualBox to potentially take over the Oracle VM VirtualBox. This issue is specifically noted to affect Windows hosts.
- Remediation: Users should upgrade to a non-vulnerable version. For specific mitigation techniques, refer to Oracle’s official security advisory.
- More Info: CVE-2024-21111 on NVD
- PoC: https://github.com/mansk1es/CVE-2024-21111
References
This list was scraped from the quite amazing and highly recommended newsletters below:
Thanks for reading! For corrections, omissions (e.g. newsletter recs) feel free to get in touch.