CVE-2024-42919 PoC — MicroWorld eScan Management Console 安全漏洞

Source

https://github.com/jeyabalaji711/CVE-2024-42919

Associated Vulnerability

Title:MicroWorld eScan Management Console 安全漏洞 (CVE-2024-42919)
Description:MicroWorld eScan Management Console是MicroWorld公司的一个电子扫描管理控制台。 MicroWorld eScan Management Console 14.0.1400.2281版本存在安全漏洞，该漏洞源于容易受到通过acteScanAVReport进行的错误访问控制。

Readme

#  eScan Management Console 
**Exploit Title :** eScan Management Console - Incorrect Access Control                                                          
**Author :** Jeyabalaji                   
**Affected Versions :** 14.0.1400.2281            
**Tested on :** Windows 11   
**CVE :** [CVE-2024-42919](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42919)             

### **Description:**
The Escan Management Console implements authentication mechanisms; however, the acteScanAVReport endpoint is accessible without requiring any authentication. 

### **Payload :**
acteScanAVReport (Endpoint)

### **Steps to reproduce :**
1. Open eScan Management Console
2. Give 'acteScanAVReport' Endpoint
3. We can able to access the eScan AV Report

### **Mitigation :**

Update to the latest version

File Snapshot


 [4.0K]  /data/pocs/fd26c5666ac123fb9f922ec7249da5d81d8fe74a
└── [ 810]  README.md

0 directories, 1 file

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!