www.coresecurity.com
2606:4700::6812:bcc
Public Scan
Submitted URL: https://t.co/GSYBck5w1O
Effective URL: https://www.coresecurity.com/blog/core-impact-monthly-chronicle-exploits-and-updates-june-2024
Submission: On November 26 via api from IN — Scanned from DE
Form analysis
0 forms found in the DOM
Text Content
CORE IMPACT MONTHLY CHRONICLE: EXPLOITS AND UPDATES | JUNE 2024

CORE IMPACT EXPLOIT LIBRARY ADDITIONS

One of Core Impact’s most valuable features is its certified exploit library.
Fortra’s Core Security has a team of expert exploit writers that conduct research, evaluating and prioritizing the most relevant vulnerabilities in order to update the library with critical and useful exploits. Additionally, the QA team creates its own clean environment to validate each exploit before its release, to ensure it meets our standards and is safe and ready to use.

While you can keep track of new releases through our exploit mailing list, here is a more detailed summary of some of the most recent additions to the library.

CVE-2024-24919 - CHECK POINT SECURITY GATEWAY TRAVERSAL EXPLOIT

Authors: Marcos Accossatto and Daniel De Luca (QA)
CVSS: 8.6 HIGH
Reference: CVE-2024-24919

A directory traversal vulnerability was found in Check Point’s Network Security gateway products, including CloudGuard Network, Quantum Maestro, Quantum Scalable Chassis, Quantum Security Gateways, and Quantum Spark appliances. If exploited, attackers can extract system files from these gateways. This vulnerability was a zero-day flaw that has been exploited by attackers since April. Users are urged to patch this vulnerability as soon as possible by implementing the available Hotfix.

With this exploit, a pen tester could simulate an unauthenticated attacker and access and download sensitive data, including password hashes for local accounts. These hashes could then be cracked and used to potentially elevate privileges.

CVE-2023-36003 - MICROSOFT WINDOWS INITIALIZEXAMLDIAGNOSTICSEX LOCAL PRIVILEGE ESCALATION EXPLOIT

CVSS: 7.3 HIGH
Reference: CVE-2023-36003

A vulnerability was discovered in the XAML Diagnostics API in Windows, which is designed to inspect XAML applications. If exploited, an authorized attacker with regular user privileges may be able to inject a malicious file and then convince a user to execute a UWP application.

This exploit enables a pen tester to imitate an authorized attacker and potentially gain full SYSTEM privileges.
CVE-2024-27348 - APACHE HUGEGRAPH GREMLIN SCRIPT REMOTE CODE EXECUTION EXPLOIT

Authors: Marcos Accossatto, Luis García Sierra (QA) and Daniel De Luca (QA)
CVSS: 9.8 CRITICAL
Reference: CVE-2024-27348

A critical vulnerability was discovered in Apache HugeGraph, an open-source graph database. If exploited, attackers could achieve remote code execution using the graph traversal language, Gremlin, to bypass sandbox restrictions. Given the criticality of this vulnerability and the public availability of exploit code, users are urged to upgrade to version 1.3 as soon as possible.

Pen testers can use this exploit to imitate a remote attacker, potentially extracting sensitive data or gaining full control of the server.

CVE-2024-4577 - PHP CGI ARGUMENT INJECTION VULNERABILITY REMOTE CODE EXECUTION EXPLOIT

Authors: Marcos Accossatto and Luis García Sierra (QA)
CVSS: 9.8 CRITICAL
Reference: CVE-2024-4577

A critical vulnerability was discovered in PHP when used with Apache and PHP-CGI on Windows systems configured to use certain code features. If exploited, attackers can use an argument injection to execute arbitrary code. Attempts have already been made to exploit this vulnerability in the wild. Additionally, as this vulnerability impacts every version of PHP on Windows, users are urged to implement the fix as soon as possible.

With this exploit, pen testers can imitate a remote attacker and pass options to the PHP binary being run, eventually executing system commands in the context of the affected application.

CVE-2018-2628 - ORACLE WEBLOGIC SERVER WLS REMOTE CODE EXECUTION EXPLOIT—UPDATE

Authors: Fernando Páez Barceló and Daniel De Luca (QA)
CVSS: 9.8 CRITICAL
Reference: CVE-2018-2628

A vulnerability was found in the server component of Oracle Fusion Middleware, a platform that enables the development, deployment, and management of enterprise applications, primarily in cloud environments. When exploited, an attacker could potentially take control of an Oracle WebLogic Server.
This exploit enables a pen tester to simulate an unauthenticated attacker with network access through the T3 protocol who could send a serialized object to execute code on vulnerable hosts, eventually obtaining full privileges for the entire target system.

Originally released in December 2023, this exploit has been updated to fix an issue that occurred when used in a pivoted context.

CVE-2024-21887 & CVE-2023-46805 - IVANTI CONNECT SECURE UNAUTHENTICATED REMOTE CODE EXECUTION EXPLOITS

Authors: Fernando Páez Barceló and Nahuel Gonzalez (QA)
CVSS: 9.1 CRITICAL & 8.2 CRITICAL
Reference: CVE-2024-21887 and CVE-2023-46805

This module exploits two vulnerabilities. First, it uses CVE-2023-46805, which is an authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure. When exploited, it allows the execution of commands and control check bypass, leveraging the lack of authentication in "/api/v1/totp/user-backup-code" and allowing unauthenticated access and path traversal. Then, the module uses the command injection vulnerability CVE-2024-21887 to execute remote commands in "/api/v1/license/key-status/path:node_name". The exploit allows testers to deploy a Core Impact agent to gain full access to the compromised machine.

Attackers have actively exploited these vulnerabilities in the wild, including a recent incident in which the Mirai botnet was deployed. They have been added to CISA’s Known Exploited Vulnerabilities Catalog, and CISA has also released a joint advisory to consider the significant risks of continuing to operate these devices. Users are urged to patch these vulnerabilities as soon as possible.

Using this exploit, pen testers can imitate an attacker, enabling them to gain a foothold and potentially fully compromise an internal enterprise network.
CVE-2024-26229 - MICROSOFT WINDOWS CSC SERVICE PRIVILEGE ESCALATION EXPLOIT

Authors: Cristian Rubio and Arthur Lallemant (QA)
CVSS: 7.8 HIGH
Reference: CVE-2024-26229

A privilege escalation vulnerability was discovered in the Client Side Caching Driver (csc.sys) in Microsoft Windows. Since the driver is vulnerable to a memory corruption, it is at risk of an arbitrary memory write. If exploited, an attacker with limited credentials could escalate privileges and potentially execute arbitrary code.

With this exploit, pen testers can simulate a local unprivileged user gaining SYSTEM privileges, which could lead to unauthorized actions including modifying configurations, deploying malware, or exfiltrating sensitive information.

Meet the Author
PABLO ZURRO
Cybersecurity Product Manager
Core Security, by Fortra
Copyright © Fortra, LLC and its group of companies. Fortra®, the Fortra® logos, and other identified marks are proprietary trademarks of Fortra, LLC.