
VulnCheck Initial Access Intelligence Update - August 2024

Patrick Garrity (in/patrickmgarrity/)

VulnCheck Initial Access Intelligence equips organizations and security teams with detection artifacts including Suricata signatures, YARA rules, PCAPs, and private exploit PoCs to defend against initial access vulnerabilities that are either already being exploited or likely to be exploited soon.

In August 2024, VulnCheck crossed 270+ Initial Access Intelligence (IAI) artifacts, developing artifacts for 20 CVEs, covering 17 different vendors and products.

It's worth mentioning that CVE-2024-38856, affecting Apache OFBiz, had detection artifacts published by VulnCheck on August 5, 2024. The vulnerability was later confirmed as exploited in the wild by Fortinet on August 19, 2024, and CISA on August 27, 2024.

Initial Access Intelligence - July 2024

To provide better visibility into these updates, we’ve broken down August’s Initial Access Intelligence Artifacts by CVE. For each CVE, we provide a range of detection tools including:

  • Exploits
  • Version scanners
  • PCAPs
  • Suricata rules
  • Snort rules
  • YARA rules
  • Greynoise/Censys/Shodan queries

August 2024 Initial Access Artifacts

| Artifact Name | Date Added | CVE | Exploit | Version Scanner | PCAP | Suricata Rule | Snort Rule | YARA |
|---|---|---|---|---|---|---|---|---|
| Exim SPA Auth Bypass | 2024-08 | CVE-2020-12783 | | | | | | |
| GNU GLIBC "Looney Tunables" Local Privilege Escalation | 2024-08 | CVE-2023-4911 | | | | | | |
| Anyscale Ray CPU Profile Command Injection | 2024-08 | CVE-2023-6019 | | | | | | |
| WooCommerce Payments Authentication Bypass | 2024-08 | CVE-2023-28121 | | | | | | |
| Anyscale Ray Job Execution (Unpatched) | 2024-08 | CVE-2023-48022 | | | | | | |
| Delta Electronics DIAEnergie RecalculateScript Script Injection | 2024-08 | CVE-2024-4547 | | | | | | |
| Delta Electronics DIAEnergie RecalculateHDMWYC Script Injection | 2024-08 | CVE-2024-4548 | | | | | | |
| Fortra FileCatalyst Workflow SQL Injection | 2024-08 | CVE-2024-5276 | | | | | | |
| Calibre Content Server RCE | 2024-08 | CVE-2024-6782 | | | | | | |
| Ivanti vTM Authentication Bypass | 2024-08 | CVE-2024-7593 | | | | | | |
| SPIP porte_plume plugin unauthenticated RCE | 2024-08 | CVE-2024-7954 | | | | | | |
| Cisco Smart Software Manager On-Prem Password Reset | 2024-08 | CVE-2024-20419 | | | | | | |
| Spring Cloud Dataflow Arbitrary File Write | 2024-08 | CVE-2024-22263 | | | | | | |
| Authentication bypass allows for administrative access to upload ASP documents, leading to remote code execution. | 2024-08 | CVE-2024-26331 | | | | | | |
| SolarWinds Web Help Desk Hard-coded Credentials | 2024-08 | CVE-2024-28987 | | | | | | |
| IPv6 Network Stack Overflow DoS | 2024-08 | CVE-2024-38063 | | | | | | |
| Windows Server MadLicense Unauth RCE | 2024-08 | CVE-2024-38077 | | | | | | |
| Apache OFBiz improper authorization checks allow for RCE | 2024-08 | CVE-2024-38856 | | | | | | |
| Bazarr Path Traversal | 2024-08 | CVE-2024-40348 | | | | | | |
| Fonoster VoiceServer VoiceApp Path Traversal Info Leak | 2024-08 | CVE-2024-43035 | | | | | | |

Go Exploit Framework

VulnCheck's exploit proofs of concept (PoCs) and version scanners are written in the Go programming language and are provided with a Dockerfile for ease of use. The exploits leverage go-exploit, an Open Source Software (OSS) shared library that VulnCheck has authored and maintains.

Learn More About VulnCheck Initial Access Intelligence

Learn more about how you can leverage Initial Access Intelligence detection artifacts to detect & respond to remote code execution (RCE) vulnerabilities here: https://docs.vulncheck.com/products/initial-access-intelligence/introduction