The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count. Older CVEs and those affecting open source projects with very small userbases aren’t listed.

After a few weeks off, this edition lists all PoCs since the 12th December.

For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them.

CVE-2024-50623

• Severity: 9.9 CRITICAL
• Impacted Products: Cleo Harmony before 5.8.0.21, VLTrader before 5.8.0.21, and LexiCom before 5.8.0.21
• Description: Unrestricted file upload and download that could lead to remote code execution.
• Remediation: Follow developer guidance.
• More Info: NVD - CVE-2024-50623
• PoC: https://github.com/iSee857/Cleo-CVE-2024-50623-PoC/

CVE-2024-53677

• Severity: Awaiting analysis
• Impacted Products: Apache Struts: from 2.0.0 before 6.4.0
• Description: File upload logic in Apache Struts is flawed. An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. Users are recommended to upgrade to version 6.4.0 at least and migrate to the new file upload mechanism https://struts.apache.org/core-developers/file-upload . If you are not using an old file upload logic based on FileuploadInterceptor your application is safe.
• Remediation: Follow developer guidance.
• More Info: NVD - CVE-2024-53677
• PoC: https://github.com/EQSTLab/CVE-2024-53677/

CVE-2024-38819

• Severity: 7.5 HIGH
• Impacted Products: Various Spring framework versions, see more info link.
• Description: Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application is running.
• More Info: NVD - CVE-2024-38819
• PoC: https://github.com/masa42/CVE-2024-38819-POC/

CVE-2024-6784

• Severity: 8.7 HIGH
• Impacted Products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02
• Description: Server-Side Request Forgery vulnerabilities were found providing a potential for access to unauthorized resources and unintended information disclosure.
• More Info: NVD - CVE-2024-6784
• PoC: https://www.zeroscience.mk/codes/abb_aspect_ssrf1.txt

CVE-2024-55877

• Severity: 9.9 CRITICAL
• Impacted Products: XWiki Platform version 9.7-rc-1 and prior to versions 15.10.11, 16.4.1, and 16.5.0
• Description: Any user with an account can perform arbitrary remote code execution by adding instances of XWiki.WikiMacroClass to any page. This compromises the confidentiality, integrity and availability of the whole XWiki installation. This vulnerability has been fixed in XWiki 15.10.11, 16.4.1 and 16.5.0. It is possible to manually apply the patch to the page XWiki.XWikiSyntaxMacrosList as a workaround.
• More Info: NVD - CVE-2024-55877
• PoC: https://jira.xwiki.org/browse/XWIKI-22030

CVE-2024-55662

• Severity: 9.9 CRITICAL
• Impacted Products: XWiki Platform version 3.3-milestone-1 and prior to versions 15.10.9 and 16.3.0, on instances where Extension Repository Application is installed
• Description: Any user can execute any code requiring programming rights on the server. This vulnerability has been fixed in XWiki 15.10.9 and 16.3.0. Since Extension Repository Application is not mandatory, it can be safely disabled on instances that do not use it as a workaround. It is also possible to manually apply the patches from commit 8659f17d500522bf33595e402391592a35a162e8 to the page ExtensionCode.ExtensionSheet and to the page ExtensionCode.ExtensionAuthorsDisplayer.as a workaround.
• More Info: NVD - CVE-2024-55662
• PoC: https://jira.xwiki.org/browse/XWIKI-21890

CVE-2024-50379

• Severity: Awaiting analysis
• Impacted Products: Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97.
• Description: Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration).
• More Info: NVD - CVE-2024-50379
• PoC: https://github.com/dear-cell/CVE-2024-50379/

CVE-2024-49039

• Severity: 8.8 HIGH
• Impacted Products: Windows - see the Microsoft Advisory
• Description: Windows Task Scheduler Elevation of Privilege Vulnerability.
• More Info: NVD - CVE-2024-49039
• PoC: https://github.com/je5442804/WPTaskScheduler_CVE-2024-49039/

CVE-2024-45337

• Severity: Awaiting analysis
• Impacted Products: Fedora 40 & 41, Golang 0.0.0 through 0.30.0
• Description: Applications and libraries which misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass.
• More Info: NVD - CVE-2024-45337
• PoC: https://github.com/NHAS/CVE-2024-45337-POC/

CVE-2024-41713

• Severity: 9.1 CRITICAL
• Impacted Products: Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201)
• Description: A vulnerability in the NuPoint Unified Messaging (NPM) component of Mitel MiCollab could allow an unauthenticated attacker to conduct a path traversal attack, due to insufficient input validation. A successful exploit could allow unauthorized access, enabling the attacker to view, corrupt, or delete users' data and system configurations.
• More Info: NVD - CVE-2024-41713
• PoC: https://github.com/zxj-hub/CVE-2024-41713POC/

CVE-2024-3393

• Severity: 9.1 CRITICAL
• Impacted Products: PAN-OS
• Description: A Denial of Service vulnerability in the DNS Security feature of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to send a malicious packet through the data plane of the firewall that reboots the firewall. Repeated attempts to trigger this condition will cause the firewall to enter maintenance mode.
• More Info: NVD - CVE-2024-3393
• PoC: https://github.com/FelixFoxf/-CVE-2024-3393/

CVE-2024-20767

• Severity: 8.2 HIGH
• Impacted Products: ColdFusion versions 2023.6, 2021.12 and earlier
• Description: This vulnerability stems from improper access control that could lead to arbitrary file system read. It allows attackers to bypass security measures, gain unauthorized access to sensitive files, and perform arbitrary file system write operations without requiring user interaction.
• Remediation: Users are advised to follow the guidance provided in Adobe’s official security bulletin to address this vulnerability.
• More Info: CVE-2024-20767 on MITRE
• PoC: https://github.com/m-cetin/CVE-2024-20767

References

This list was scraped from the quite amazing and highly recommended newsletters below:

• ~this week in security~
• Unsupervised Learning
• @RISK
• Hive Five
• Vulnerable U
• tl;dr sec

Thanks for reading! For corrections, omissions (e.g. newsletter recs) feel free to get in touch.