{"uuid": "e7b47b6c-d5cf-449e-9aff-ba3cc7cea48f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-7255", "type": "published-proof-of-concept", "source": "https://t.me/MrVGunz/1233", "content": "\ud83d\udccd #Critical_Vulnerabilities in Microsoft Edge\n\nOn 2 August 2024, the #Microsoft_Edge browser fell victim to several serious vulnerabilities. These vulnerabilities, identified as CVE-2024-6990, CVE-2024-7255 and CVE-2024-7256, give attackers the possibility of remote exploitation and carry serious risks such as #Arbitrary_Code_Execution, #Sensitive_Information_Disclosure and the bypassing of security mechanisms.\n\nThe vulnerable versions of this browser are all versions prior to 127.0.2651.86. Updating immediately to this version or a newer one is therefore strongly recommended to prevent exploitation by attackers.\n\nSummary of the vulnerabilities:\n- #Bypass (#bypass) of security mechanisms: circumventing the security restrictions enforced by the browser.\n- #Information_Disclosure: unauthorized attacker access to users' sensitive information.\n- #Remote_Code_Execution: the attacker can execute arbitrary code on the victim's system.\n- #Denial_of_Service: disruption of the browser's normal operation, making it unavailable to the user.\n\nNecessary actions:\n- #Immediate_Update: install the latest security release of the #Microsoft_Edge browser.\n- #Watch_Emails_and_Attachments: avoid clicking on links or downloading suspicious files.\n- Use up-to-date security software: install and continuously update #Antivirus and #Firewall.\n- Consult official sources: obtain further information about these vulnerabilities and the countermeasures for them via the official #Microsoft website and the #HKCERT report.\n\nNote: these vulnerabilities are of high importance, and if timely action is not taken, they will have irreparable consequences for users and organizations.\n\n\ud83d\udd17 To read the rest of the article, visit this site:\n\n\ud83c\udf10 https://www.hkcert.org/security-bulletin/microsoft-edge-multiple-vulnerabilities_20240802\n\n\ud83d\udccd #CriticalVulnerability CVE-2024-6387 in Moxa Products\n\nProducts from Moxa, including the EDR-8010, EDR-G9010, and OnCell G4302-LTE4 series, are facing serious risks due to vulnerability CVE-2024-6387 in OpenSSH software. This vulnerability, stemming from a race condition in the SSH service, allows attackers to execute arbitrary code with root access without authentication.\n\nVulnerability Overview:\nA race condition in the SSH service occurs when authentication fails within a specified time period (LoginGraceTime), enabling attackers to exploit this situation. This allows the execution of malicious code with the highest level of access (root) on affected devices.\n\nAffected Products:\n- Moxa EDR-8010\n- Moxa EDR-G9010\n- Moxa OnCell G4302-LTE4\n\nThese products are vulnerable if they are running firmware versions earlier than 3.12.\n\nVulnerable Versions:\nAll firmware versions below 3.12 for the affected products are at risk.\n\nNecessary Actions:\n- Immediate Update: Moxa has released updated firmware versions to address this vulnerability. Users should install these updates as soon as possible.\n- Limit SSH Access: To reduce exposure, restrict SSH access to trusted IP addresses and networks.\n- Deploy Security Systems: Using Intrusion Detection and Prevention Systems (IDS/IPS) can help identify and mitigate potential attacks.\n\nSecurity Recommendations:\n- Monitor Logs: Regularly review system logs to detect any suspicious activities.\n- Apply Least Privilege Principle: Grant users only the necessary permissions required for their tasks.\n- Update Software: Regularly update all software and operating systems to address known vulnerabilities.\n\n\ud83d\udd17 To read the full article, visit:\n\n\ud83c\udf10 https://www.moxa.com/en/support/product-support/security-advisory/mpsa-246387-multiple-moxa-product-series-affected-by-cve-2024-6387", "creation_timestamp": "2024-08-05T16:54:08.000000Z"}