PoC Week 2024-09-30

Posted on Sep 30, 2024

The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count. Older CVEs and those affecting open source projects with very small userbases aren’t listed.

For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them.

Incredibly, the CVEs that came from EvilSocket’s research on the CUPS RCE aren’t explicitly mentioned in the newsletters this week. Here’s the PoC for CVE-2024-47176 and a scanner that simply causes an HTTP pingback if a host is listening.

On with the roundup…

CVE-2024-8503

  • Severity: Awaiting analysis.
  • Impacted Products: VICIdial
  • Description: An unauthenticated attacker can leverage a time-based SQL injection vulnerability in VICIdial to enumerate database records. By default, VICIdial stores plaintext credentials within the database.
  • Remediation: Follow developer guidance.
  • More Info: NVD - CVE-2024-8503
  • PoC: https://github.com/Chocapikk/CVE-2024-8504/

CVE-2024-7120

  • Severity: 5.3 MEDIUM
  • Impacted Products: Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90.
  • Description: This affects an unknown part of the file list_base_config.php of the component Web Interface. Manipulation of the argument template leads to OS command injection. The attack can be initiated remotely.
  • Remediation: Follow developer guidance.
  • More Info: NVD - CVE-2024-7120
  • PoC: https://github.com/fa-rrel/CVE-2024-7120/

CVE-2024-46640

  • Severity: Awaiting analysis.
  • Impacted Products: SeaCMS 13.2.
  • Description: SeaCMS 13.2 has a remote code execution vulnerability located in the file sql.class.php. Although the system has a check function, that check is never executed at runtime, allowing remote code execution by writing to the file through the MySQL slow query method.
  • Remediation: Follow developer guidance.
  • More Info: NVD - CVE-2024-46640
  • PoC: https://gitee.com/zheng_botong/CVE-2024-46640/

CVE-2024-46997

  • Severity: Awaiting analysis.
  • Impacted Products: DataEase < 2.10.1
  • Description: An attacker can achieve remote command execution by adding a carefully constructed h2 data source connection string. The vulnerability has been fixed in v2.10.1.
  • Remediation: Follow developer guidance.
  • More Info: NVD - CVE-2024-46997
  • PoC: https://github.com/advisories/GHSA-h7mj-m72h-qm8w/

CVE-2024-46946

CVE-2024-29847

  • Severity: 9.8 CRITICAL
  • Impacted Products: Ivanti EPM before 2022 SU6, or the 2024 September update
  • Description: Deserialization of untrusted data in the agent portal of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution.
  • Remediation: Follow developer guidance.
  • More Info: NVD - CVE-2024-29847
  • PoC: https://github.com/sinsinology/CVE-2024-29847

CVE-2024-27348

References

This list was scraped from the quite amazing and highly recommended newsletters below:

Thanks for reading! For corrections or omissions (e.g. newsletter recs), feel free to get in touch.