PoC Week 2024-08-19

Posted on Aug 19, 2024

The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count.

For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them.

CVE-2024-6782

Severity: 9.8 CRITICAL
Impacted Products: Calibre 6.9.0 ~ 7.14.0
Description: Improper access control in Calibre 6.9.0 ~ 7.14.0 allow unauthenticated attackers to achieve remote code execution.
Remediation: Follow developer guidance.
More Info: CVE-2024-6782
PoC: https://starlabs.sg/advisories/24/24-6782/

Severity: Awaiting analysis.
Impacted Products: XWiki < 1.10.1
Description: Pro Macros provides XWiki rendering macros. Missing escaping in the Viewpdf macro allows any user with view right on the CKEditor.HTMLConverter page or edit or comment right on any page to perform remote code execution. Other macros like Viewppt are vulnerable to the same kind of attack.
Remediation: Follow developer guidance.
More Info: CVE-2024-42489
PoC: https://github.com/xwikisas/xwiki-pro-macros/security/advisories/GHSA-cfq3-q227-7j65

Severity: 9.8 CRITICAL
Impacted Products: llama.cpp < b3561
Description: llama.cpp provides LLM inference in C/C++. The unsafe data pointer member in the rpc_tensor structure can cause arbitrary address writing.
Remediation: Follow developer guidance.
More Info: CVE-2024-42479
PoC: https://github.com/ggerganov/llama.cpp/security/advisories/GHSA-wcr5-566p-9cwj

Severity: 9.1 CRITICAL
Impacted Products: Havoc 2.0.7
Description: An Unauthenticated Server-Side Request Forgery (SSRF) in demon callback handling allows attackers to send arbitrary network traffic originating from the team server.
Remediation: Follow developer guidance.
More Info: CVE-2024-41570
PoC: https://blog.chebuya.com/posts/server-side-request-forgery-on-havoc-c2/

Severity: Awaiting analysis.
Impacted Products: Gnuboard g6 6.0.7
Description: The software is vulnerable to Session hijacking due to a CORS misconfiguration.
Remediation: Follow developer guidance.
More Info: CVE-2024-41475
PoC: https://gist.github.com/AkiaCode/7c878b1699931314246d6589d86b1e89

Severity: 9.8 CRITICAL
Impacted Products: GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4
Description: Shell injection vulnerability via the interface check_ovpn_client_config and check_config.
Remediation: Follow developer guidance.
More Info: CVE-2024-39228
PoC: https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Ovpn%20interface%20shell%20injection.md

Severity: 9.8 CRITICAL
Impacted Products: GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4
Description: Insecure permissions in the endpoint /cgi-bin/glc. This vulnerability allows unauthenticated attackers to execute arbitrary code or possibly a directory traversal via crafted JSON data.
Remediation: Follow developer guidance.
More Info: CVE-2024-39227
PoC: https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Access%20to%20the%20C%20library%20without%20logging%20in.md

Severity: 9.8 CRITICAL
Impacted Products: GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4
Description: Vulnerability can be exploited to manipulate routers by passing malicious shell commands through the s2s API.
Remediation: Follow developer guidance.
More Info: CVE-2024-39226
PoC: https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/s2s%20interface%20shell%20injection.md

This list was scraped from the quite amazing and highly recommended newsletters below:

Thanks for reading! For corrections, omissions (e.g. newsletter recs) feel free to get in touch.