PoC Week 2024-06-09

Posted on Jun 9, 2024

The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count.

For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them.

CVE-2024-24919

  • Severity: Awaiting Analysis
  • Impacted Products: Check Point Security Gateway and other Check Point products.
  • Description: Path traversal bug that potentially allows an attacker to read certain information on Check Point Security Gateways that are connected to the internet and have Remote Access VPN or Mobile Access Software Blades enabled.
  • Remediation: Follow developer guidance.
  • More Info: CVE-2024-24919
  • PoC: https://github.com/Bytenull00/CVE-2024-24919

CVE-2024-21683

  • Severity: HIGH 8.3
  • Impacted Products: Confluence Data Center and Server.
  • Description: This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8.3, allows an authenticated attacker to execute arbitrary code. It has high impact to confidentiality, integrity, and availability, and requires no user interaction.
  • Remediation: Atlassian recommends that Confluence Data Center and Server customers upgrade to the latest version. If you are unable to do so, upgrade your instance to one of the specified supported fixed versions.
  • More Info: CVE-2024-21683
  • PoC: https://github.com/absholi7ly/-CVE-2024-21683-RCE-in-Confluence-Data-Center-and-Server

CVE-2024-25600

  • Severity: Awaiting Analysis
  • Impacted Products: Bricks Builder, versions through 1.9.6.
  • Description: Improper Control of Generation of Code (‘Code Injection’) vulnerability in Codeer Limited Bricks Builder allows Code Injection.
  • Remediation: Follow developer guidance.
  • More Info: CVE-2024-25600
  • PoC: https://github.com/Chocapikk/CVE-2024-25600

CVE-2024-4358

  • Severity: Awaiting Analysis
  • Impacted Products: Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier.
  • Description: On IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via an authentication bypass vulnerability.
  • Remediation: Follow developer guidance.
  • More Info: CVE-2024-4358
  • PoC: https://github.com/sinsinology/CVE-2024-4358

CVE-2024-3400

  • Severity: 10 CRITICAL
  • Impacted Products: Palo Alto Networks PAN-OS, specifically versions 10.2.0, 11.0.0, and 11.1.0
  • Description: The vulnerability is a command injection flaw in the GlobalProtect feature of PAN-OS, allowing an unauthenticated attacker to execute arbitrary code with root privileges on the firewall. Notably, Cloud NGFW, Panorama appliances, and Prisma Access are not affected.
  • Remediation: Users are advised to apply mitigations as per vendor instructions when available. For vulnerable versions, enable Threat Prevention IDs or disable device telemetry until patches are issued.
  • More Info: CVE-2024-3400 on NVD
  • PoC: https://labs.watchtowr.com/palo-alto-putting-the-protecc-in-globalprotect-cve-2024-3400

CVE-2024-23108

  • Severity: Awaiting Analysis
  • Impacted Products: Fortinet FortiSIEM versions 7.1.0 through 7.1.1, 7.0.0 through 7.0.2, 6.7.0 through 6.7.8, 6.6.0 through 6.6.3, 6.5.0 through 6.5.2, and 6.4.0 through 6.4.2.
  • Description: An improper neutralization of special elements used in an OS command (‘OS command injection’) allows an attacker to execute unauthorized code or commands via crafted API requests.
  • Remediation: Follow developer guidance.
  • More Info: CVE-2024-23108
  • PoC: https://github.com/horizon3ai/CVE-2024-23108

References

This list was scraped from the quite amazing and highly recommended newsletters below:

Thanks for reading! For corrections or omissions (e.g. newsletter recs), feel free to get in touch.