Go back

VulnCheck Initial Access Intelligence Update - July 2024

avatar
Patrick Garrityin/patrickmgarrity/

VulnCheck Initial Access Intelligence equips organizations and security teams with detection artifacts such as Suricata signatures, YARA rules, PCAPs, and private exploit PoCs to defend against initial access vulnerabilities that are either already being exploited or likely to be exploited soon.

Before we get into this months details, it's worth mentioned that go-exploit, VulnCheck's exploit framework, now supports scanless asset detection and version scanning, using the exact same code for active scanning. You can learn more about that here.

In July 2024, VulnCheck crossed 250+ Initial Access Intelligence (IAI) artifacts, developing artifacts for 14 CVEs, covering 13 different vendors and 10 different products.

Initial Access Intelligence - July 2024

To provide better visibility into these updates, we’ve broken down July’s Initial Access Intelligence Artifacts by CVE. For each CVE, we provide a range of detection tools including:

  • Exploits
  • Version scanners
  • PCAPs
  • Suricata rules
  • Snort rules
  • YARA rules
  • Greynoise/Censys/Shodan queries

July 2024 Initial Access Artifacts

Artifact NameDate AddedCVEExploitVersion ScannerpcapSuricata RulesnortRuleyara
Zyxel Customer-Provided Equipment Configuration Disclosure2024-07-04CVE-2023-28770
Apache Superset Session Forgery2024-07-05CVE-2023-27524
GeoServer Remote Code Execution2024-07-05CVE-2024-36401
Progress WhatsUp Gold Path Traversal2024-07-12CVE-2024-4885
Zyxel CPE Diag Command Injection2024-07-12CVE-2024-40890
Zyxel CPE Telnet Command Injection2024-07-12CVE-2024-40891
Apache CloudStack Unsecured cluster API remote code execution2024-07-15CVE-2024-38346
Laravel Credential leak in log files2024-07-17CVE-2024-29291
Zyxel Auth Bypass and pkg_init_cmd Command Injection2024-07-19CVE-2023-4473
Magento XXE Information Disclosure2024-07-21CVE-2024-34102
H3C ERHMG2 Configuration/Password Leak2024-07-22CVE-2024-32238
Elementor Essential Addons WordPress Plugin Authentication Bypass Remote Code Execution2024-07-25CVE-2023-32243
Ghostscript Filesystem Format String RCE2024-07-30CVE-2024-29510
AJ-Report unauthenticated path-traversal Java evaluation RCE2024-07-31CVE-2024-7314

Learn More About VulnCheck Initial Access Intelligence

Learn more about how you can leverage Initial Access Intelligence detection artifacts to detect & respond to remote code execution (RCE) vulnerabilities here: https://docs.vulncheck.com/products/initial-access-intelligence/introduction