PoC Week 2025-01-13

Posted on Jan 13, 2025

The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count. Older CVEs and those affecting open source projects with very small userbases aren’t listed.

For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them.

CVE-2024-6387

  • Severity: 8.2 HIGH
  • Impacted Products: sshd
  • Description: A security regression (CVE-2006-5051) was discovered in OpenSSH’s server (sshd). There is a race condition which can cause sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period. (The vuln is also known as ‘RegreSSHion’ as it’s a regression of CVE-2006-5051.)
  • Remediation: Follow developer guidance.
  • More Info: CVE-2024-6387
  • PoC: https://github.com/zgzhang/cve-2024-6387-poc/

CVE-2024-50603

  • Severity: 8.2 HIGH
  • Impacted Products: Aviatrix Controller before 7.1.4191 and 7.2.x before 7.2.4996.
  • Description: Due to the improper neutralization of special elements used in an OS command, an unauthenticated attacker is able to execute arbitrary code. Shell metacharacters can be sent to /v1/api in cloud_type for list_flightpath_destination_instances, or src_cloud_type for flightpath_connection_test.
  • Remediation: Follow developer guidance.
  • More Info: CVE-2024-50603
  • PoC: https://github.com/th3gokul/CVE-2024-50603

CVE-2024-4577

  • Severity: 9.8 CRITICAL
  • Impacted Products: PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages.
  • Description: Windows may use “Best-Fit” behavior to replace characters in the command line given to Win32 API functions. The PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to the PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.
  • Remediation: Follow developer guidance.
  • More Info: CVE-2024-4577
  • PoC: https://github.com/watchtowrlabs/CVE-2024-4577/

CVE-2024-21887

  • Severity: 9.1 CRITICAL
  • Impacted Products: Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x)
  • Description: Command injection vulnerability allowing an authenticated administrator to execute arbitrary commands.
  • Remediation: Apply mitigations per vendor instructions or discontinue use if mitigations are unavailable.
  • More Info: NVD - CVE-2024-21887
  • PoC: https://github.com/duy-31/CVE-2023-46805_CVE-2024-21887

CVE-2024-11972

  • Severity: 9.1 CRITICAL
  • Impacted Products: The Hunk Companion WordPress plugin before 1.9.0
  • Description: The plugin does not correctly authorize some REST API endpoints, allowing unauthenticated requests to install and activate arbitrary plugins.
  • Remediation: Apply mitigations per vendor instructions or discontinue use if mitigations are unavailable.
  • More Info: NVD - CVE-2024-11972
  • PoC: https://github.com/JunTakemura/exploit-CVE-2024-11972/

CVE-2023-46805

  • Severity: 8.2 HIGH
  • Impacted Products: Ivanti ICS (9.x, 22.x) and Ivanti Policy Secure
  • Description: Authentication bypass in web component allows remote access to restricted resources by bypassing control checks.
  • Remediation: Apply mitigations per vendor instructions or discontinue use if mitigations are unavailable.
  • More Info: NVD - CVE-2023-46805
  • PoC: https://github.com/duy-31/CVE-2023-46805_CVE-2024-21887

References

This list was scraped from the quite amazing and highly recommended newsletters below:

Thanks for reading! For corrections or omissions (e.g. newsletter recommendations), feel free to get in touch.