VulnCheck Initial Access Intelligence equips organizations and security teams with detection artifacts including Suricata signatures, YARA rules, PCAPs, and private exploit PoCs to defend against initial access vulnerabilities that are either already being exploited or likely to be exploited soon.
In August 2024, VulnCheck passed 270 Initial Access Intelligence (IAI) artifacts, developing artifacts for 20 CVEs, covering 17 different vendors and products.
It's worth mentioning that CVE-2024-38856, affecting Apache OFBiz, had detection artifacts published by VulnCheck on August 5, 2024. The vulnerability was later confirmed as exploited in the wild by Fortinet on August 19, 2024, and CISA on August 27, 2024.
To provide better visibility into these updates, we’ve broken down August’s Initial Access Intelligence Artifacts by CVE. For each CVE, we provide a range of detection tools including:
- Exploits
- Version scanners
- PCAPs
- Suricata rules
- Snort rules
- YARA rules
- GreyNoise/Censys/Shodan queries
August 2024 Initial Access Artifacts
Artifact Name | Date Added | CVE | Exploit | Version Scanner | PCAP | Suricata Rule | Snort Rule | YARA Rule |
---|---|---|---|---|---|---|---|---|
Exim SPA Auth Bypass | 2024-08 | CVE-2020-12783 | ✅ | ✅ | ✅ | ✅ | | |
GNU GLIBC "Looney Tunables" Local Privilege Escalation | 2024-08 | CVE-2023-4911 | ✅ | ✅ | ✅ | | | |
Anyscale Ray CPU Profile Command Injection | 2024-08 | CVE-2023-6019 | ✅ | ✅ | ✅ | ✅ | ✅ | |
WooCommerce Payments Authentication Bypass | 2024-08 | CVE-2023-28121 | ✅ | ✅ | ✅ | ✅ | ✅ | |
Anyscale Ray Job Execution (Unpatched) | 2024-08 | CVE-2023-48022 | ✅ | ✅ | ✅ | ✅ | ✅ | |
Delta Electronics DIAEnergie RecalculateScript Script Injection | 2024-08 | CVE-2024-4547 | ✅ | ✅ | ✅ | ✅ | ✅ | |
Delta Electronics DIAEnergie RecalculateHDMWYC Script Injection | 2024-08 | CVE-2024-4548 | ✅ | ✅ | ✅ | ✅ | ✅ | |
Fortra FileCatalyst Workflow SQL Injection | 2024-08 | CVE-2024-5276 | ✅ | ✅ | ✅ | ✅ | | |
Calibre Content Server RCE | 2024-08 | CVE-2024-6782 | ✅ | ✅ | ✅ | ✅ | ✅ | |
Ivanti vTM Authentication Bypass | 2024-08 | CVE-2024-7593 | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
SPIP porte_plume plugin unauthenticated RCE | 2024-08 | CVE-2024-7954 | ✅ | ✅ | ✅ | ✅ | ✅ | |
Cisco Smart Software Manager On-Prem Password Reset | 2024-08 | CVE-2024-20419 | ✅ | ✅ | ✅ | ✅ | | |
Spring Cloud Dataflow Arbitrary File Write | 2024-08 | CVE-2024-22263 | ✅ | ✅ | ✅ | | | |
Authentication bypass allows for administrative access to upload ASP documents, leading to remote code execution. | 2024-08 | CVE-2024-26331 | ✅ | ✅ | ✅ | ✅ | ✅ | |
SolarWinds Web Help Desk Hard-coded Credentials | 2024-08 | CVE-2024-28987 | ✅ | ✅ | | | | |
IPv6 Network Stack Overflow DoS | 2024-08 | CVE-2024-38063 | ✅ | ✅ | | | | |
Windows Server MadLicense Unauth RCE | 2024-08 | CVE-2024-38077 | ✅ | ✅ | ✅ | | | |
Apache OFBiz improper authorization checks allow for RCE | 2024-08 | CVE-2024-38856 | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
Bazarr Path Traversal | 2024-08 | CVE-2024-40348 | ✅ | ✅ | ✅ | ✅ | ✅ | |
Fonoster VoiceServer VoiceApp Path Traversal Info Leak | 2024-08 | CVE-2024-43035 | ✅ | ✅ | ✅ | | | |
Go Exploit Framework
VulnCheck's exploit proof-of-concept (PoC) and version scanner code is written in the Go programming language and is provided with a Dockerfile for ease of use. The exploits leverage an Open Source Software (OSS) shared library, which VulnCheck has authored and maintains, called go-exploit.
Learn More About VulnCheck Initial Access Intelligence
Learn more about how you can leverage Initial Access Intelligence detection artifacts to detect & respond to remote code execution (RCE) vulnerabilities here: https://docs.vulncheck.com/products/initial-access-intelligence/introduction