PoC Week 2024-07-29

Posted on Jul 29, 2024

The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count.

For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them.

CVE-2024-3273

  • Severity: 9.8: CRITICAL
  • Impacted Products: D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L NAS devices, firmware versions up to 20240403.
  • Description: Command injection in /cgi-bin/nas_sharing.cgi (the HTTP GET request handler): the value of the argument named system reaches a shell without sanitisation, so an unauthenticated remote attacker can run arbitrary commands on the NAS.
  • Remediation: Follow developer guidance. D-Link's advisory lists all four models as end-of-life with no firmware fix forthcoming, so retire and replace them, or at the very least keep them off the internet; the bug has been exploited in the wild.
  • More Info: CVE-2024-3273
  • PoC: https://github.com/nickswink/D-Link-NAS-Devices-Unauthenticated-RCE/

CVE-2024-6387

  • Severity: 8.1: HIGH
  • Impacted Products: sshd
  • Description: A signal-handler race condition in OpenSSH's server (sshd). The SIGALRM handler that fires when a client fails to authenticate within LoginGraceTime calls functions that are not async-signal-safe, and an unauthenticated remote attacker can race it simply by opening connections and never completing authentication. It is a regression of CVE-2006-5051, hence the name 'RegreSSHion'. Exploitation is not trivial (the public research needed many thousands of attempts against a 32-bit glibc target), but it needs no credentials.
  • Remediation: Follow developer guidance: upgrade to OpenSSH 9.8p1 or a distribution build that backports the fix. If you cannot patch immediately, setting LoginGraceTime 0 in sshd_config removes the race (the SIGALRM handler is never armed), at the cost of a connection-exhaustion denial-of-service vector.
  • More Info: CVE-2024-6387
  • PoC: https://github.com/zgzhang/cve-2024-6387-poc/
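Added here as a worked check, not code from the post, from OpenSSH or from the PoC author: a small Python script that classifies a host from its sshd banner and its sshd_config text. The version windows are the ones published in the OpenSSH 9.8 release notes and the Qualys advisory; the banners and config snippets used are constructed for the example. A banner check cannot see a distribution backport that leaves the version string alone, which is why the result is "in the affected window" rather than "exploitable".

```python
import re
from typing import Optional

# Version windows from the OpenSSH 9.8 release notes and the Qualys advisory:
# portable OpenSSH 8.5p1 up to (not including) 9.8p1 reintroduced the bug;
# releases older than 4.4 never had the original CVE-2006-5051 fix.
# Only major.minor is compared: the portable "pN" suffix does not move either
# boundary, and OpenBSD-native builds report no suffix at all.
BANNER_RE = re.compile(r"SSH-2\.0-OpenSSH_(\d+)\.(\d+)")

# sshd time format: bare seconds, or parts with unit suffixes (s, m, h, d, w).
TIME_UNITS = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}


def parse_banner(banner: str) -> Optional[tuple]:
    """Return (major, minor) from an sshd identification string, or None if it is not OpenSSH."""
    m = BANNER_RE.search(banner)
    return (int(m.group(1)), int(m.group(2))) if m else None


def banner_in_vulnerable_range(banner: str) -> Optional[bool]:
    v = parse_banner(banner)
    if v is None:
        return None
    return (8, 5) <= v < (9, 8) or v < (4, 4)


def parse_time(value: str) -> int:
    """Accepts '120', '2m', '45s' or compound forms such as '1h30m'."""
    return sum(int(n) * TIME_UNITS[u] for n, u in re.findall(r"(\d+)([smhdw]?)", value.lower()))


def login_grace_time(sshd_config: str) -> int:
    """Effective LoginGraceTime in seconds. sshd uses the first occurrence; the default is 120."""
    for line in sshd_config.splitlines():
        line = line.split("#", 1)[0].strip()          # drop comments (the stock file ships it commented out)
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)  # 'Key value' or 'Key = value'
        if len(parts) == 2 and parts[0].lower() == "logingracetime":
            return parse_time(parts[1])
    return 120


def assess(banner: str, sshd_config: str) -> str:
    """Classify a host as unknown / not_affected / mitigated / vulnerable."""
    affected = banner_in_vulnerable_range(banner)
    if affected is None:
        return "unknown"        # not OpenSSH, or the banner could not be parsed
    if not affected:
        return "not_affected"
    if login_grace_time(sshd_config) == 0:
        return "mitigated"      # no SIGALRM, so no race window (but unauthenticated sessions never time out)
    return "vulnerable"         # in the affected window; check the distro changelog for a backport


if __name__ == "__main__":
    # Constructed inputs: an Ubuntu 24.04-style banner and the stock default grace time.
    print(assess("SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13", "LoginGraceTime 2m\n"))
```

Feed it the banner you get from the first line of `nc host 22` and the contents of /etc/ssh/sshd_config (plus any Include'd drop-ins, concatenated in order, since the first LoginGraceTime wins).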

CVE-2024-6205

  • Severity: 9.8: CRITICAL
  • Impacted Products: PayPlus Payment Gateway WordPress plugin before 6.6.9.
  • Description: The plugin does not properly sanitise and escape a parameter before using it in a SQL statement via a WooCommerce API route available to unauthenticated users, leading to an SQL injection vulnerability.
  • Remediation: Follow developer guidance: update the plugin to 6.6.9 or later.
  • More Info: CVE-2024-6205
  • PoC: https://github.com/j3r1ch0123/CVE-2024-6205
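Because the WooCommerce route is reachable without authentication, the whole impact rests on how that one parameter reaches the SQL statement. The following Python example is added for this post and is not the plugin's code: it reproduces the bug class against an in-memory SQLite table with a hypothetical name and columns, and sets it beside the bound-parameter form (what $wpdb->prepare() gives you in WordPress). The two payloads are constructed.

```python
import sqlite3
from typing import List, Tuple

# Hypothetical table standing in for whatever the plugin queries; name and
# columns are assumptions for this example, not the plugin's schema.
SCHEMA = "CREATE TABLE payplus_orders(id INTEGER PRIMARY KEY, order_id TEXT, token TEXT)"
ROWS = [("1001", "tok-a"), ("1002", "tok-b"), ("1003", "tok-c")]  # constructed data


def make_db() -> sqlite3.Connection:
    con = sqlite3.connect(":memory:")
    con.execute(SCHEMA)
    con.executemany("INSERT INTO payplus_orders(order_id, token) VALUES (?, ?)", ROWS)
    return con


def lookup_vulnerable(con: sqlite3.Connection, order_id: str) -> List[Tuple[str, str]]:
    """The bug class in the advisory: a request parameter spliced straight into the statement."""
    sql = f"SELECT order_id, token FROM payplus_orders WHERE order_id = '{order_id}'"
    return con.execute(sql).fetchall()


def lookup_safe(con: sqlite3.Connection, order_id: str) -> List[Tuple[str, str]]:
    """Same query with the value bound as a parameter; the input can never change the query shape."""
    return con.execute(
        "SELECT order_id, token FROM payplus_orders WHERE order_id = ?", (order_id,)
    ).fetchall()


# Constructed payloads an unauthenticated caller could put in the parameter.
TAUTOLOGY = "x' OR '1'='1"                                      # every row comes back
UNION_DUMP = "x' UNION SELECT name, sql FROM sqlite_master --"  # reads unrelated data; '--' comments out the trailing quote


def demo() -> dict:
    """Run both payloads through both lookups and return the observable differences."""
    con = make_db()
    return {
        "normal": lookup_safe(con, "1002"),
        "vuln_tautology_rows": len(lookup_vulnerable(con, TAUTOLOGY)),
        "safe_tautology_rows": len(lookup_safe(con, TAUTOLOGY)),
        "vuln_union_first_row": lookup_vulnerable(con, UNION_DUMP)[0][0],
        "safe_union_rows": len(lookup_safe(con, UNION_DUMP)),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The safe variant returns nothing for either payload because the driver sends the whole string as a value; the vulnerable one returns every order for the tautology and the schema for the UNION payload, which is the "unauthenticated read of the database" an SQLi CVSS 9.8 describes.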

CVE-2024-4879

  • Severity: Awaiting analysis
  • Impacted Products: Self-hosted Now Platform instances on the Vancouver and Washington DC releases; ServiceNow-hosted instances have already been patched.
  • Description: ServiceNow has addressed an input validation vulnerability in the Vancouver and Washington DC Now Platform releases. It could enable an unauthenticated user to remotely execute code within the context of the Now Platform.
  • Remediation: Follow developer guidance and apply the ServiceNow patches or hotfixes for your release family; self-hosted customers have to do this themselves.
  • More Info: CVE-2024-4879
  • PoC: https://github.com/Mr-r00t11/CVE-2024-4879/

CVE-2024-4885

  • Severity: Awaiting analysis
  • Impacted Products: Progress WhatsUp Gold versions released before 2023.1.3.
  • Description: An unauthenticated remote code execution vulnerability in Progress WhatsUp Gold. The WhatsUp.ExportUtilities.Export.GetFileWithoutZip method allows an attacker to execute commands with the privileges of the iisapppool\nmconsole application-pool identity.
  • Remediation: Follow developer guidance: upgrade to WhatsUp Gold 2023.1.3 or later.
  • More Info: CVE-2024-4885
  • PoC: https://github.com/sinsinology/CVE-2024-4885/

CVE-2024-40628

  • Severity: Awaiting analysis
  • Impacted Products: JumpServer prior to 3.10.12 and 4.0.0.
  • Description: An attacker able to submit an Ansible playbook through JumpServer can use it to read arbitrary files in the celery container, leading to sensitive information disclosure. The celery container runs as root and has database access, so the attacker can steal all host secrets, create a new JumpServer account with admin privileges, or manipulate the database in other ways.
  • Remediation: Follow developer guidance: upgrade to 3.10.12 or 4.0.0 (or later).
  • More Info: CVE-2024-40628
  • PoC: https://github.com/jumpserver/jumpserver/security/advisories/GHSA-rpf7-g4xh-84v9
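An added example, not JumpServer's code: a static check over a parsed playbook that flags the primitives that make Ansible read from, or execute on, the controller instead of the target host (controller-side lookups such as lookup('file', ...), plays on localhost or with connection: local, delegate_to / local_action on a task, and vars_files / include_vars). Treating that class of primitive as the thing to gate is an editorial assumption; the advisory text above only says a playbook can read arbitrary files in the celery container. The playbook is constructed for the example and given in the already-parsed form yaml.safe_load() returns.

```python
import re
from typing import Any, Dict, Iterator, List

# Host and connection values that make a play or task run on the controller
# (in JumpServer's case, inside the celery container).
CONTROLLER_HOSTS = {"localhost", "127.0.0.1", "::1"}
# Jinja lookup plugins that read files or run commands on the controller, whatever the target host.
CONTROLLER_LOOKUP = re.compile(
    r"lookup\s*\(\s*['\"](?:file|fileglob|lines|pipe|csvfile|ini|template|env|password)['\"]",
    re.IGNORECASE,
)
# Play/task keys that load files from the controller's filesystem.
CONTROLLER_FILE_KEYS = ("vars_files", "include_vars", "ansible.builtin.include_vars")

# Constructed playbook, written for this example, as yaml.safe_load() would return it.
CONSTRUCTED_PLAYBOOK: List[Dict[str, Any]] = [
    {
        "hosts": "all",
        "tasks": [
            {"name": "harmless", "ansible.builtin.shell": "uptime"},
            {"name": "read controller file", "debug": {"msg": "{{ lookup('file', '/etc/passwd') }}"}},
            {"name": "slurp via localhost", "ansible.builtin.slurp": {"src": "/root/.ssh/id_rsa"},
             "delegate_to": "localhost"},
        ],
    },
    {"hosts": "localhost", "connection": "local",
     "tasks": [{"name": "local shell", "command": "cat /etc/shadow"}]},
]


def iter_strings(obj: Any) -> Iterator[str]:
    """Yield every string anywhere inside a nested dict/list structure."""
    if isinstance(obj, str):
        yield obj
    elif isinstance(obj, dict):
        for key, val in obj.items():
            yield from iter_strings(key)
            yield from iter_strings(val)
    elif isinstance(obj, list):
        for val in obj:
            yield from iter_strings(val)


def iter_tasks(tasks: Any) -> Iterator[Dict[str, Any]]:
    """Flatten block/rescue/always nesting so every real task is visited."""
    for task in tasks or []:
        if not isinstance(task, dict):
            continue
        nested = [k for k in ("block", "rescue", "always") if k in task]
        if nested:
            for k in nested:
                yield from iter_tasks(task[k])
        else:
            yield task


def targets_controller(host_spec: Any, connection: Any) -> bool:
    """True if a hosts/delegate_to value or a connection setting points at the controller."""
    if connection == "local":
        return True
    hosts = host_spec if isinstance(host_spec, list) else str(host_spec or "").split(",")
    return any(str(h).strip().lower() in CONTROLLER_HOSTS for h in hosts)


def audit_playbook(playbook: List[Dict[str, Any]]) -> List[str]:
    """Return one finding per play or task that would run on, or read files from, the controller."""
    findings: List[str] = []
    for pi, play in enumerate(playbook):
        if not isinstance(play, dict):
            continue
        if targets_controller(play.get("hosts"), play.get("connection")):
            findings.append(f"play {pi}: targets the controller (hosts={play.get('hosts')!r})")
        if any(k in play for k in CONTROLLER_FILE_KEYS):
            findings.append(f"play {pi}: loads vars files from the controller")
        for section in ("pre_tasks", "tasks", "post_tasks", "handlers"):
            for ti, task in enumerate(iter_tasks(play.get(section))):
                label = task.get("name") or f"{section}[{ti}]"
                if "local_action" in task or targets_controller(task.get("delegate_to"), task.get("connection")):
                    findings.append(f"play {pi}, task {label!r}: executes on the controller")
                if any(k in task for k in CONTROLLER_FILE_KEYS):
                    findings.append(f"play {pi}, task {label!r}: loads files from the controller")
                lookup = next((s for s in iter_strings(task) if CONTROLLER_LOOKUP.search(s)), None)
                if lookup is not None:
                    findings.append(f"play {pi}, task {label!r}: controller-side lookup in {lookup!r}")
    return findings


if __name__ == "__main__":
    for finding in audit_playbook(CONSTRUCTED_PLAYBOOK):
        print(finding)
```

A deny-list like this is a triage aid, not a sandbox: Jinja is expressive enough that a determined author can reach the same primitives by other routes, so the durable fix is the one JumpServer shipped, running untrusted playbooks where a file read does not yield root and database credentials.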

CVE-2024-24919

  • Severity: Awaiting analysis
  • Impacted Products: Check Point Security Gateways (and other Check Point products) with the Remote Access VPN or Mobile Access Software Blades enabled.
  • Description: Path traversal bug that lets an unauthenticated attacker read certain files from an internet-facing Check Point Security Gateway that has the Remote Access VPN or Mobile Access Software Blades enabled.
  • Remediation: Follow developer guidance and install Check Point's hotfix. The bug has been exploited in the wild; treat credentials stored on or reachable from the gateway, in particular local accounts that use password-only authentication, as potentially compromised and rotate them.
  • More Info: CVE-2024-24919
  • PoC: https://github.com/Bytenull00/CVE-2024-24919
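Three of this week's entries leave a request-level footprint that is cheap to hunt for in proxy or WAF logs: the nas_sharing.cgi request with a system argument (CVE-2024-3273), a request that references GetFileWithoutZip (CVE-2024-4885), and a traversal sequence aimed at a Check Point gateway (CVE-2024-24919). The Python below is an added detection example, not code from any of the vendors or PoC authors. Its assumptions: the tab-separated log layout is constructed for the example and parse_line() would be rewritten for a real log; the decoder assumes the system argument carries a base64-encoded command, which is how the public PoC sends it; the WhatsUp Gold rule assumes the method name appears in the request; the Check Point rule is a generic traversal check because the entry above only names the bug class.

```python
import base64
import binascii
import re
from typing import Dict, List, Optional
from urllib.parse import parse_qs, unquote, urlsplit

# The NAS command is built with base64 here so the sample line is obviously constructed.
NAS_CMD = base64.b64encode(b"id; uname -a").decode()

# Constructed log lines: client \t method \t request target \t status \t body (body may be empty).
LOG_LINES = [
    "192.0.2.10\tGET\t/cgi-bin/nas_sharing.cgi?system=" + NAS_CMD + "\t200\t",
    "192.0.2.20\tGET\t/index.html\t200\t",
    "198.51.100.7\tPOST\t/api/export\t500\t<GetFileWithoutZip><fileName>report.pdf</fileName></GetFileWithoutZip>",
    "203.0.113.9\tPOST\t/download\t200\tname=..%2F..%2F..%2F..%2Fetc%2Fpasswd",
]

TRAVERSAL = re.compile(r"\.\.[/\\]")


def parse_line(line: str) -> Optional[Dict[str, object]]:
    fields = line.split("\t")
    if len(fields) != 5:
        return None
    client, method, target, status, body = fields
    parts = urlsplit(target)
    return {"client": client, "method": method, "target": target, "path": parts.path,
            "query": parse_qs(parts.query, keep_blank_values=True), "body": body}


def decode_system_arg(value: str) -> str:
    """Return the decoded command if the value is printable base64 text, else the raw value."""
    try:
        text = base64.b64decode(value, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return value
    return text if text.isprintable() else value


def rule_3273(req) -> Optional[str]:
    # Page-supported indicator: the nas_sharing.cgi GET handler with a 'system' argument.
    if req["path"] == "/cgi-bin/nas_sharing.cgi" and "system" in req["query"]:
        return "system=" + decode_system_arg(req["query"]["system"][0])
    return None


def rule_4885(req) -> Optional[str]:
    # Assumption: the export method name is visible in the request line or body.
    blob = (req["target"] + req["body"]).lower()
    return "GetFileWithoutZip referenced" if "getfilewithoutzip" in blob else None


def rule_24919(req) -> Optional[str]:
    # Generic traversal check; decode twice to catch double-encoded '../'.
    decoded = unquote(unquote(req["target"] + " " + req["body"]))
    m = TRAVERSAL.search(decoded)
    return f"traversal sequence: {decoded[m.start():m.start() + 40]}" if m else None


RULES = [("CVE-2024-3273", rule_3273), ("CVE-2024-4885", rule_4885), ("CVE-2024-24919", rule_24919)]


def detect(lines: List[str]) -> List[Dict[str, str]]:
    """Run every rule over every parsable line; one hit per (line, rule) that fires."""
    hits = []
    for line in lines:
        req = parse_line(line)
        if req is None:
            continue
        for cve, rule in RULES:
            detail = rule(req)
            if detail:
                hits.append({"cve": cve, "client": req["client"], "detail": detail})
    return hits


if __name__ == "__main__":
    for hit in detect(LOG_LINES):
        print(hit)
```

Note what the rules deliberately do not do: a nas_sharing.cgi request without a system argument is normal management traffic and is not flagged, and the traversal rule inspects the decoded body as well as the URL, since request bodies are where traversal payloads against VPN portals tend to live. Tune the path matching to your own access-log field layout before trusting the absence of hits.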

References

This list was scraped from the quite amazing and highly recommended newsletters below:

Thanks for reading! For corrections or omissions (e.g. newsletter recommendations), feel free to get in touch.