VulnCheck Initial Access Intelligence equips organizations and security teams with detection artifacts such as Suricata signatures, YARA rules, PCAPs, and private exploit PoCs to defend against initial access vulnerabilities that are either already being exploited or likely to be exploited soon.
In May 2024, we developed new Initial Access Intelligence (IAI) artifacts for 20 CVEs, covering 16 different vendors and 18 different products.
To provide better visibility into these updates, we’ve broken down May’s Initial Access Intelligence Artifacts by CVE. For each CVE, we provide a range of detection tools including:
- Exploits
- Version scanners
- PCAPs
- Suricata rules
- Snort rules
- YARA rules
- GreyNoise/Censys/Shodan queries
May 2024 Initial Access Artifacts
Artifact Name | Date Added | CVE | Exploit | Version Scanner | PCAP | Suricata Rule | Snort Rule | YARA Rule |
---|---|---|---|---|---|---|---|---|
Nexus Repository Manager Path Traversal | 2024-05-31 | CVE-2024-4956 | ✅ | ✅ | ✅ | ✅ | ✅ | |
Netis MW5360 Password Command Injection | 2024-05-30 | CVE-2024-22729 | ✅ | ✅ | ✅ | ✅ | ✅ | |
Rejetto HFS 2.3m RCE | 2024-05-30 | CVE-2024-23692 | ✅ | ✅ | ✅ | ✅ | ✅ | |
Netis SOHO Admin Credential Leak | 2024-05-30 | CVE-2024-23693 | ✅ | ✅ | ✅ | ✅ | | |
Telesquare TLR-2005Ksh sysCommand RCE | 2024-05-29 | CVE-2024-29269 | ✅ | ✅ | ✅ | ✅ | | |
Cisco RV Series Upload Symlink Traverse RCE | 2024-05-24 | CVE-2024-23691 | ✅ | ✅ | ✅ | ✅ | ✅ | |
Bricks Builder WordPress RCE | 2024-05-24 | CVE-2024-25600 | ✅ | ✅ | ✅ | ✅ | ✅ | |
nostromo (nhttpd) Path Traversal RCE | 2024-05-21 | CVE-2019-16278 | ✅ | ✅ | ✅ | | | |
Struts Path Traversal RCE | 2024-05-21 | CVE-2023-50164 | ✅ | ✅ | ✅ | | | |
Citrix NetScaler Information Disclosure (Memory Leak) | 2024-05-17 | CVE-2023-6549 | ✅ | ✅ | ✅ | ✅ | | |
Cacti cmd_realtime.php RCE Attempt | 2024-05-17 | CVE-2024-29895 | ✅ | ✅ | ✅ | ✅ | | |
pgAdmin Validate Binary Injection | 2024-05-15 | CVE-2022-4223 | ✅ | ✅ | ✅ | ✅ | ✅ | |
JetBrains TeamCity Authentication Bypass | 2024-05-14 | CVE-2024-23917 | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
Tinyproxy UAF | 2024-05-13 | CVE-2023-49606 | ✅ | ✅ | ✅ | ✅ | | |
OpenMetadata JWT Bypass RCE | 2024-05-13 | CVE-2024-28255 | ✅ | ✅ | ✅ | ✅ | ✅ | |
D-Link NAS Hard-Coded Credentials | 2024-05-05 | CVE-2024-3272 | ✅ | ✅ | | | | |
D-Link NAS Command Injection | 2024-05-05 | CVE-2024-3273 | ✅ | ✅ | ✅ | ✅ | | |
Netgear VPN Configuration Backup RCE | 2024-05-03 | CVE-2024-23690 | ✅ | ✅ | ✅ | ✅ | ✅ | |
Apache Tomcat WebDAV Webshell Upload | 2024-05-01 | CVE-2017-12617 | ✅ | ✅ | ✅ | ✅ | ✅ | |
Apache Tomcat 'Ghostcat' File Leak | 2024-05-01 | CVE-2020-1938 | ✅ | ✅ | ✅ | ✅ | ✅ | |
Learn More About VulnCheck Initial Access Intelligence
Learn more about how you can leverage Initial Access Intelligence detection artifacts to detect & respond to remote code execution (RCE) vulnerabilities here: https://docs.vulncheck.com/products/initial-access-intelligence/introduction