The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count.

For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them.

CVE-2024-4323

• Severity: 9 CRITICAL
• Impacted Products: Fluent Bit versions 2.0.7 thru 3.0.3.
• Description: A memory corruption vulnerability in Fluent Bit versions 2.0.7 thru 3.0.3. This issue lies in the embedded http server’s parsing of trace requests and may result in denial of service conditions, information disclosure, or remote code execution.
• Remediation: Follow developer guidance.
• More Info: CVE-2024-4323
• PoC: https://www.tenable.com/blog/linguistic-lumberjack-attacking-cloud-services-via-logging-endpoints-fluent-bit-cve-2024-4323

CVE-2024-3806

• Severity: 9.8 CRITICAL
• Impacted Products: Porto WP Theme up to and including 7.1.0
• Description: The Porto theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 7.1.0 via the ‘porto_ajax_posts’ function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where php file type can be uploaded and included.
• Remediation: Check developer advice.
• More Info: CVE-2024-3806
• PoC: https://github.com/truonghuuphuc/CVE-2024-3806-AND-CVE-2024-3807-Poc

CVE-2024-32735

• Severity: 9.8 CRITICAL
• Impacted Products: CyberPower PowerPanel Enterprise < v2.8.3
• Description: An unauthenticated remote attacker can access the PDNU REST APIs, which may result in compromise of the application.
• Remediation: Check vendor advice.
• More Info: CVE-2024-32735
• PoC: https://www.tenable.com/security/research/tra-2024-14

CVE-2024-32002

• Severity: 9 CRITICAL
• Impacted Products: Git prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4
• Description: Repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule’s worktree but into a .git/ directory. This allows writing a hook that will be executed while the clone operation is still running, giving the user no opportunity to inspect the code that is being executed.
• Remediation: Upgrade git. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4.
• More Info: CVE-2024-32002
• PoC: https://github.com/M507/CVE-2024-32002/

CVE-2024-29895

• Severity: 10 CRITICAL
• Impacted Products: Cacti 1.3.x DEV branch
• Description: Cacti provides an operational monitoring and fault management framework. A command injection vulnerability on the 1.3.x DEV branch allows any unauthenticated user to execute arbitrary command on the server when register_argc_argv option of PHP is On.
• Remediation: Check developer advice.
• More Info: CVE-2024-29895
• PoC: https://github.com/Stuub/CVE-2024-29895-CactiRCE-PoC/\

CVE-2024-27130

• Severity: Awaiting Analysis
• Impacted Products: WNAP QuTSCloud NAS
• Description: Buffer overflow leading to RCE as root.
• Remediation: Check developer advice.
• More Info: CVE-2024-27130 & writeup/walkthrough from watchtowr
• PoC: https://github.com/watchtowrlabs/CVE-2024-27130 - N.B. stack canaries and ASLR were disabled for the PoC so you’ll have to work around those manually to use it against a live target.

CVE-2024-22120

• Severity: 9.1 CRITICAL
• Impacted Products: Zabbix Server
• Description: Zabbix server can perform command execution for configured scripts. After command is executed, audit entry is added to “Audit Log”. Due to “clientip” field is not sanitized, it is possible to injection SQL into “clientip” and exploit time based blind SQL injection.
• Remediation: Check developer advice.
• More Info: CVE-2024-22120
• PoC: https://support.zabbix.com/browse/ZBX-24505

CVE-2024-22026

• Severity: 9.1 CRITICAL
• Impacted Products: Ivanti Endpoint Manager Mobile prior to 12.1.0.0, 12.0.0.0, and 11.12.0.1.
• Description: A local privilege escalation vulnerability in EPMM before 12.1.0.0 allows an authenticated local user to bypass shell restriction and execute arbitrary commands on the appliance.
• Remediation: Check developer advice.
• More Info: CVE-2024-22026
• PoC: https://github.com/securekomodo/CVE-2024-22026

References

This list was scraped from the quite amazing and highly recommended newsletters below:

• ~this week in security~
• Unsupervised Learning
• @RISK
• Hive Five
• Vulnerable U
• tl;dr sec

Thanks for reading! For corrections, omissions (e.g. newsletter recs) feel free to get in touch.