www.coresecurity.com Open in urlscan Pro
2606:4700::6812:bcc  Public Scan

Submitted URL: https://t.co/UnRPVXOqD2
Effective URL: https://www.coresecurity.com/blog/core-impact-monthly-chronicle-exploits-and-updates-july-2024
Submission: On December 20 via api from IN — Scanned from DE

Form analysis 0 forms found in the DOM

Text Content

Cookie-Präferenzen
Skip to main content
 * Fortra.com
 * Contact Us
 * Support
 * All Fortra Products
 * FREE TRIALS

 * Fortra.com
 * Contact Us
 * Support
 * All Fortra Products
 * FREE TRIALS

 * Cyber Threat Toggle Dropdown
   
      PRODUCTS
      
       * Core Impact Penetration testing software
       * Cobalt Strike Red team software
       * Outflank Security Tooling (OST) Evasive attack simulation
       * Event Manager Security information and event management
       * Powertech Antivirus Server-level virus protection
       * Product Bundles Layered security solutions
   
      SOLUTIONS
      
       * Penetration Testing
       * Penetration Testing Services
       * Offensive Security
       * Threat Detection
       * Security Information and Event Management
   
    * Penetration Testing Services Security consulting services

 * Identity Toggle Dropdown
   
      PRODUCTS
      
       * Access Assurance Suite User provisioning and governance
       * Core Password & Secure Reset Self-service password management
       * Core Privileged Access Manager (BoKS) Privileged access management
         (PAM)
   
      SOLUTIONS
      
       * Privileged Access Management
       * Identity Governance & Administration
       * Password Management
   
    * See How to Simplify Access in Your Organization | Request a Demo

 * Industries Toggle Dropdown
    * Healthcare
    * Financial Services
    * Federal Government
    * Retail
    * Utilities & Energy
    * Higher Education
    * Compliance

 * Resources Toggle Dropdown
    * Upcoming Webinars & Events
    * Blogs
    * Case Studies
    * Videos
    * Datasheets
    * Guides
    * Training
    * Compliance
    * All Resources

 * CoreLabs Toggle Dropdown
    * Advisories
    * Exploits
    * Articles
    * Impacket

 * About Toggle Dropdown
    * Partners
    * Careers
    * Newsroom
    * Contact Us

 1. Home
 2. Blog
 3. Core Impact Monthly Chronicle: Exploits and Updates | July 2024

CORE IMPACT MONTHLY CHRONICLE: EXPLOITS AND UPDATES | JULY 2024





CORE IMPACT EXPLOIT LIBRARY ADDITIONS

One of Core Impact’s most valuable features is its certified exploit library.
Fortra’s Core Security has a team of expert exploit writers that conduct
research, evaluating and prioritizing the most relevant vulnerabilities in order
to update the library with critical and useful exploits. Additionally, the QA
team creates its own clean environment to validate each exploit before its
release to ensure our standards and validate that it is safe and ready to use.

While you can keep track of new releases through our exploit mailing list, here
is a more detailed summary of some of the most recent additions to the library.


CVE-2024-28995 - SOLARWINDS SERV-U FTP SERVER PATH TRAVERSAL VULNERABILITY
EXPLOIT

Authors: Esteban Kazimirow and Luis García Sierra (QA)

CVSS: 7.5 HIGH

Reference: CVE-2024-28995

A vulnerability was found in Serv-U, a managed file transfer and file transfer
protocol solution from SolarWinds. If exploited, an unauthenticated, remote
attacker could potentially access sensitive information from files stored on an
organization’s server. 

This vulnerability is actively being exploited in the wild, especially in
smash-and-grab attacks, in which malicious actors extort victims using data that
was swiftly extracted from vulnerable file transfer solutions. Users are urged
to upgrade to version Serv-U 15.4.2.157 as soon as possible.

With this exploit, a pen tester could imitate a threat actor to exploit the
directory traversal, download a file, and save it locally to a specified
location.  


CVE-2024-1800 & CVE-2024-4358 - PROGRESS TELERIK REPORT SERVER VULNERABILITIES
EXPLOIT

Authors: Marcos Accossatto and Daniel De Luca (QA)

CVSS: 9.9 CRITICAL, 9.8 CRITICAL

Reference: CVE-2024-1800, CVE-2024-4358

Two vulnerabilities were discovered in the reporting platform, Progress Telerik
Report Server. CVE-2024-1800 is an insecure deserialization vulnerability. If
exploited, an attacker could remotely run malicious code on a target server.
CVE-2024-4358 is an authentication bypass vulnerability. If exploited, an
unauthenticated attacker could bypass verification systems, enabling them to
potentially view, modify, or delete reports and configurations without needing
valid credentials. 

Due to the severity of these vulnerabilities, users are urged to update to
Report Server 2024 Q2 (10.1.24.514) in order to avoid the creation of rogue
administrative accounts. 

This exploit chains these two vulnerabilities together, enabling a pen tester to
deploy an agent that will run with root user privileges, allowing him to make
unauthorized changes, extract data, or compromise the system. 


CVE-2023-36802 – MICROSOFT STREAMING SERVICE ELEVATION OF PRIVILEGE
VULNERABILITY EXPLOIT—UPDATE

Authors: Cristian Rubio and Luis García Sierra (QA)

CVSS: 7.8 HIGH

Reference: CVE-2023-36802

A vulnerability was found in the Windows Streaming service, which runs as
SYSTEM, and can be exploited to allow local users to gain elevated privileges on
the Windows operating system. 

This vulnerability has multiple instances of being exploited in the wild.

This exploit takes advantage of this recent Microsoft vulnerability in the
streaming service within Windows Kernel. It can be used to simulate an attacker
that uses this vulnerability to escalate their privileges, gaining access to
sensitive data or pivoting to eventually achieve full system control.

Originally released in November 2023, this exploit has been updated to add
reliability improvements when checking if the target is vulnerable


CVE-2024-5276 - FILECATALYST WORKFLOW JOBID SQL INJECTION VULNERABILITY EXPLOIT

Authors: Fernando Páez Barceló and Daniel De Luca (QA)

CVSS: 9.8 CRITICAL

Reference: CVE-2024-5276

A critical vulnerability was discovered in FileCatalyst, an accelerated file
transfer software solution from Fortra. If exploited, an attacker could access
sensitive data, disrupt services, or gain full control over a target system.

Due to the severity of the vulnerability, users are urged to update to version
5.1.6 build 139 to ensure an attacker cannot modify application data. 

With this exploit, pen testers can assess if an organization’s system is
vulnerable by using this module to create an administrative user (without
authentication) and proceed through validation mechanisms using this newly
created user.


CVE-2021-26855 & CVE-2021-27065 - MICROSOFT EXCHANGE PROXYLOGON REMOTE CODE
EXECUTION VULNERABILITY EXPLOIT—UPDATE

Authors: Marcos Accossatto and Daniel De Luca (QA)

CVSS: 9.8 CRITICAL, 7.8 HIGH 

Reference: CVE-2021-26855 CVE-2021-27065

These vulnerabilities are part of the ProxyLogon exploit chain, which impacted
thousands of customers globally when initially discovered due to its ease of use
and ability to provide an attacker with persistent system access. Though updates
mitigating these flaws have been available since 2021, unpatched systems may
still be vulnerable, especially in environments where patch management is
challenging or neglected.

This exploit uses the chain of CVE-2021-26855 with CVE-2021-27065. This
combination of a server-side request forgery vulnerability and an arbitrary file
write vulnerability enables a pen tester to execute commands with SYSTEM
privileges in the Microsoft Exchange Server.

Originally released in March 2021, this exploit has been updated to add several
parameters for module flexibility and more log verbosity on errors, as well as
fix a bug when using autodiscover to retrieve email SID.


CVE-2024-29824 - IVANTI CORE SERVER EPM REMOTE CODE EXECUTION EXPLOIT

Authors: Esteban Kazimirow and Daniel De Luca (QA)

CVSS: 9.6 CRITICAL

Reference: CVE-2024-29824

An SQL injection vulnerability was found in Ivanti Endpoint Manager. If
exploited, an attacker could execute arbitrary commands on the Ivanti EPM core
server, enabling them to access, modify, and extract sensitive data.

Due to the severity of the vulnerability, users are urged to implement the May
2024 Hotfix as soon as possible to protect against this and several other
vulnerabilities.  

Using this exploit, a pen tester could simulate an unauthenticated attacker
within the same network and execute arbitrary code.

Meet the Author


PABLO ZURRO

Cybersecurity Product Manager
Core Security, by Fortra
View Profile
Related Products
Core Impact
Related Content
Blog
Core Impact Monthly Chronicle: Exploits and Updates | June 2024
Blog
Core Impact Monthly Chronicle: Exploits and Updates | May 2024
Blog
Core Impact Monthly Chronicle: Exploits and Updates | April 2024
Blog
Open Source vs. Enterprise: Why Not All Exploits are Created Equal


LEARN MORE ABOUT CORE IMPACT

WATCH DEMO
 * Email Us
 * X Find us on Twitter
 * LinkedIn Find us on LinkedIn
 * Facebook Find us on Facebook
 * YouTube Find us on YouTube


PRODUCTS

 * Access Assurance Suite
 * Core Impact
 * Cobalt Strike
 * Event Manager
 * Browse All Products


SOLUTIONS

 * IDENTITY GOVERNANCE

 * PAM
 * IGA
 * IAM
 * Password Management
 * Vulnerability Management
 * Compliance

 * CYBER THREAT

 * Penetration Testing
 * Red Team
 * Phishing
 * Threat Detection
 * SIEM


RESOURCES

 * Upcoming Webinars & Events
 * Corelabs Research
 * Blog
 * Training


ABOUT

 * Our Company
 * Partners
 * Careers
 * Accessibility
 * info@fortra.com

Also of Interest
 * Core Impact Monthly Chronicle: Exploits and...
 * Core Impact Monthly Chronicle: Exploits and...
 * Core Impact Monthly Chronicle: Exploits and...


SUPPORT


PRIVACY POLICY


CONTACT


IMPRESSUM


COOKIE POLICY

Copyright © Fortra, LLC and its group of companies. Fortra™, the Fortra™ logos,
and other identified marks are proprietary trademarks of Fortra, LLC.