PoC Week 2024-07-14

Posted on Jul 14, 2024

The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count.

For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them.

CVE-2024-5806

Severity: Awaiting analysis
Impacted Products: MOVEit Transfer: from 2023.0.0 before 2023.0.11, from 2023.1.0 before 2023.1.6, from 2024.0.0 before 2024.0.2.
Description: Improper Authentication vulnerability in Progress MOVEit Transfer (SFTP module) can lead to Authentication Bypass.
Remediation: Follow developer guidance.
More Info: CVE-2024-5806
PoC: https://github.com/watchtowrlabs/watchTowr-vs-progress-moveit_CVE-2024-5806/

Severity: Awaiting analysis
Impacted Products: Geotools prior to versions 31.2, 30.4, and 29.6.
Description: Remote Code Execution (RCE) is possible if an application uses certain GeoTools functionality to evaluate XPath expressions supplied by user input.
Remediation: Follow developer guidance.
More Info: CVE-2024-36404
PoC: https://github.com/geotools/geotools/security/advisories/GHSA-w3pj-wh35-fq8w

Severity: Awaiting analysis
Impacted Products: sshd
Description: A security regression (CVE-2006-5051) was discovered in OpenSSH’s server (sshd). There is a race condition which can lead to sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period. (The vuln is also known as ‘RegreSSHion’ as it’s a regression of CVE-2006-5051)
Remediation: Follow developer guidance.
More Info: CVE-2024-6387
PoC: https://github.com/zgzhang/cve-2024-6387-poc/

This list was scraped from the quite amazing and highly recommended newsletters below:

Thanks for reading! For corrections, omissions (e.g. newsletter recs) feel free to get in touch.