The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count. Older CVEs and those affecting open source projects with very small userbases aren’t listed.

For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them.

CVE-2024-51132

• Severity: Awaiting analysis
• Impacted Products: Red Hat Camel Spring Boot 4 and 3. JBoss Fuse 7. Fhir < 6.4.0, Red Hat Integration 1.
• Description: An XML External Entity (XXE) vulnerability in HAPI FHIR before v6.4.0 allows attackers to access sensitive information or execute arbitrary code via supplying a crafted request containing malicious XML entities.
• Remediation: Follow developer guidance.
• More Info: NVD - CVE-2024-51132
• PoC: https://github.com/JAckLosingHeart/CVE-2024-51132-POC

CVE-2024-49040

• Severity: 7.5 HIGH
• Impacted Products: Microsoft Exchange (PoC article also lists other vuln mail services)
• Description: Microsoft Exchange Server Spoofing Vulnerability
• Remediation: Follow developer guidance.
• More Info: NVD - CVE-2024-49040
• PoC: https://blog.slonser.info/posts/email-attacks/

CVE-2024-8068

• Severity: 5.1 MEDIUM
• Impacted Products: Citrix Virtual Apps and Desktops
• Description: Privilege escalation to NetworkService Account access in Citrix Session Recording when an attacker is an authenticated user in the same Windows Active Directory domain as the session recording server domain
• Remediation: Follow developer guidance.
• More Info: NVD - CVE-2024-8068
• PoC: https://raw.githubusercontent.com/watchtowrlabs/Citrix-Virtual-Apps-XEN-Exploit/refs/heads/main/exploit-citrix-xen.py

CVE-2024-5910

• Severity: 10 CRITICAL
• Impacted Products: Palo Alto Networks Expedition
• Description: Admin account takeover for attackers with network access to Expedition. Note: Expedition is a tool aiding in configuration migration, tuning, and enrichment. Configuration secrets, credentials, and other data imported into Expedition is at risk due to this issue.
• Remediation: Follow developer guidance.
• More Info: NVD - CVE-2024-5910
• PoC: https://www.horizon3.ai/attack-research/palo-alto-expedition-from-n-day-to-full-compromise/

CVE-2024-50667

• Severity: Awaiting analysis
• Impacted Products: Trendnet TEW-820AP 1.01.B01
• Description: The boa httpd of Trendnet TEW-820AP 1.01.B01 has a stack overflow vulnerability in /boafrm/formIPv6Addr, /boafrm/formIpv6Setup, /boafrm/formDnsv6. The reason is that the check of ipv6 address is not sufficient, which allows attackers to construct payloads for attacks.
• More Info: NVD - CVE-2024-50667
• PoC: https://raw.githubusercontent.com/ixout/iotVuls/refs/heads/main/Trendnet/TEW_820/report.md

CVE-2024-48746

• Severity: Awaiting analysis
• Impacted Products: Lens Visual integration with Power BI v.4.0.0.3
• Description: An issue in Lens Visual integration with Power BI v.4.0.0.3 allows a remote attacker to execute arbitrary code via the Natural language processing component.
• More Info: NVD - CVE-2024-48746
• PoC: https://gist.github.com/KaiqueFerreiraPeres/a56c33104a52019c533e4283c257d3a0

CVE-2024-47575

• Severity: 9.8 CRITICAL
• Impacted Products: FortiManager 7.6.0, FortiManager 7.4.0 through 7.4.4, FortiManager 7.2.0 through 7.2.7, FortiManager 7.0.0 through 7.0.12, FortiManager 6.4.0 through 6.4.14, FortiManager 6.2.0 through 6.2.12, Fortinet FortiManager Cloud 7.4.1 through 7.4.4, FortiManager Cloud 7.2.1 through 7.2.7, FortiManager Cloud 7.0.1 through 7.0.12, FortiManager Cloud 6.4.1 through 6.4.7
• Description: Vuln allows attacker to execute arbitrary code or commands via specially crafted requests.
• More Info: NVD - CVE-2024-47575
• PoC: https://github.com/watchtowrlabs/Fortijump-Exploit-CVE-2024-47575/ and full blog post here.

CVE-2024-45409

• Severity: 9.8 CRITICAL
• Impacted Products: Ruby-SAML in <= 12.2 and 1.13.0 <= 1.16.0
• Description: The Ruby SAML library is for implementing the client side of a SAML authorization. Ruby-SAML in <= 12.2 and 1.13.0 <= 1.16.0 does not properly verify the signature of the SAML Response. An unauthenticated attacker with access to any signed saml document (by the IdP) can thus forge a SAML Response/Assertion with arbitrary contents. This would allow the attacker to log in as arbitrary user within the vulnerable system. This vulnerability is fixed in 1.17.0 and 1.12.3.
• More Info: NVD - CVE-2024-45409
• PoC: https://github.com/synacktiv/CVE-2024-45409

CVE-2024-10914

• Severity: 9.2 CRITICAL
• Impacted Products: D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028
• Description: It has been declared as critical. Affected by this vulnerability is the function cgi_user_add of the file /cgi-bin/account_mgr.cgi?cmd=cgi_user_add. The manipulation of the argument name leads to os command injection. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.
• More Info: NVD - CVE-2024-10914
• PoC: https://github.com/imnotcha0s/CVE-2024-10914

CVE-2024-27195

• Severity: Awaiting analysis
• Impacted Products: Trimble TM4Web 22.2.0
• Description: Trimble TM4Web 22.2.0 allows unauthenticated attackers to access /inc/tm_ajax.msw?func=UserfromUUID&uuid= to retrieve the last registration access code and use this access code to register a valid account. via a PUT /inc/tm_ajax.msw request. If the access code was used to create an Administrator account, attackers are also able to register new Administrator accounts with full privileges.
• More Info: NVD - CVE-2024-27195
• PoC: https://packetstormsecurity.com/files/178023/trimbletm4web2220-escalate.txt

References

This list was scraped from the quite amazing and highly recommended newsletters below:

• ~this week in security~
• Unsupervised Learning
• @RISK
• Hive Five
• Vulnerable U
• tl;dr sec

Thanks for reading! For corrections, omissions (e.g. newsletter recs) feel free to get in touch.