PoC Week 2024-06-02
The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count.
For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them.
CVE-2024-23108
- Severity: Awaiting Analysis
- Impacted Products: Fortinet FortiSIEM version 7.1.0 through 7.1.1 and 7.0.0 through 7.0.2 and 6.7.0 through 6.7.8 and 6.6.0 through 6.6.3 and 6.5.0 through 6.5.2 and 6.4.0 through 6.4.2
- Description: An improper neutralization of special elements used in an os command (‘os command injection’) allows an attacker to execute unauthorized code or commands via crafted API requests.
- Remediation: Follow developer guidance.
- More Info: CVE-2024-23108
- PoC: https://github.com/horizon3ai/CVE-2024-23108/
CVE-2024-4443
- Severity: Awaiting Analysis
- Impacted Products: Business Directory Plugin – Easy Listing Directories for WordPress >= 6.4.2
- Description: Time-based SQL Injection via the ‘listingfields’ parameter due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
- Remediation: Follow developer guidance.
- More Info: CVE-2024-4443
- PoC: https://github.com/truonghuuphuc/CVE-2024-4443-Poc
CVE-2024-4367
- Severity: Awaiting Analysis
- Impacted Products: PDF.js, affecting Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11
- Description: A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context.
- Remediation: Follow developer guidance.
- More Info: CVE-2024-4367
- PoC: https://github.com/s4vvysec/CVE-2024-4367-POC/
CVE-2024-32002
- Severity: 9 CRITICAL
- Impacted Products: Git prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4
- Description: Repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule’s worktree but into a .git/ directory. This allows writing a hook that will be executed while the clone operation is still running, giving the user no opportunity to inspect the code that is being executed.
- Remediation: Upgrade git. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4.
- More Info: CVE-2024-32002
- PoC: https://github.com/M507/CVE-2024-32002/
CVE-2024-27130
- Severity: 8.1 HIGH
- Impacted Products: QNAP QuTSCloud NAS
- Description: Buffer overflow leading to RCE as root.
- Remediation: Check developer advice.
- More Info: CVE-2024-27130 & writeup/walkthrough from watchtowr
- PoC: https://github.com/watchtowrlabs/CVE-2024-27130 - N.B. stack canaries and ASLR were disabled for the PoC so you’ll have to work around those manually to use it against a live target.
CVE-2024-22026
- Severity: 9.1 CRITICAL
- Impacted Products: Ivanti Endpoint Manager Mobile prior to 12.1.0.0, 12.0.0.0, and 11.12.0.1.
- Description: A local privilege escalation vulnerability in EPMM before 12.1.0.0 allows an authenticated local user to bypass shell restriction and execute arbitrary commands on the appliance.
- Remediation: Check developer advice.
- More Info: CVE-2024-22026
- PoC: https://github.com/securekomodo/CVE-2024-22026
CVE-2023-34992
- Severity: 10 CRITICAL
- Impacted Products: Fortinet FortiSIEM version 7.0.0 and 6.7.0 through 6.7.5 and 6.6.0 through 6.6.3 and 6.5.0 through 6.5.1 and 6.4.0 through 6.4.2
- Description: An improper neutralization of special elements used in an os command (‘os command injection’) allows an attacker to execute unauthorized code or commands via crafted API requests.
- Remediation: Check developer advice.
- More Info: CVE-2023-34992
- PoC: https://github.com/horizon3ai/CVE-2023-34992/
References
This list was scraped from the quite amazing and highly recommended newsletters below:
Thanks for reading! For corrections or omissions (e.g. newsletter recs), feel free to get in touch.