{"vulnerability": "CVE-2024-36435", "sightings": [{"uuid": "e7cb8970-46b0-4e2d-9823-e0b1350b6357", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-36435", "type": "published-proof-of-concept", "source": "https://t.me/ton618cyber/4910", "content": "#exploit\n1. CVE-2024-9014:\npgAdmin4 Sensitive Information Exposure\nhttps://github.com/EQSTLab/CVE-2024-9014\n\n2. CVE-2024-36435:\nBuffer overflow in Supermicro BMC IPMI\nhttps://github.com/binarly-io/ToolsAndPoCs/blob/master/Posix/Supermicro/CVE-2024-36435.py\n]-&gt; https://www.binarly.io/blog/cve-2024-36435-deep-dive-the-years-most-critical-bmc-security-flaw", "creation_timestamp": "2024-10-02T16:38:48.000000Z"}, {"uuid": "def0d07a-9476-41b3-88fb-efb3d52c6c6e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-36435", "type": "published-proof-of-concept", "source": "https://t.me/HackerArsenal/466", "content": "#exploit\n1. CVE-2024-9014:\npgAdmin4 Sensitive Information Exposure\nhttps://github.com/EQSTLab/CVE-2024-9014\n\n2. CVE-2024-36435:\nBuffer overflow in Supermicro BMC IPMI\nhttps://github.com/binarly-io/ToolsAndPoCs/blob/master/Posix/Supermicro/CVE-2024-36435.py", "creation_timestamp": "2024-09-30T04:58:44.000000Z"}, {"uuid": "35582d35-da04-4943-a667-6d9aa65e9510", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-36435", "type": "published-proof-of-concept", "source": "https://t.me/proxy_bar/2284", "content": "CVE-2024-36435\n*\nRCE Flaw in Supermicro BMC IPMI Firmware\n*\nWriteUp\n*\nPOC exploit\n\n#servers #ipmi #rce", "creation_timestamp": "2024-10-02T07:31:40.000000Z"}, {"uuid": "0e6e4c08-69b3-4c49-bdb6-f232d23f9d70", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-36435", "type": "published-proof-of-concept", "source": "https://t.me/HackingInsights/6052", "content": "\u200aSupermicro Motherboards Vulnerable to Critical RCE Flaw (CVE-2024-36435)\n\nhttps://securityonline.info/supermicro-motherboards-vulnerable-to-critical-rce-flaw-cve-2024-36435/", "creation_timestamp": "2024-07-15T12:11:56.000000Z"}, {"uuid": "c9cf9d3a-899e-4461-91d5-da44549201ea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-36435", "type": "published-proof-of-concept", "source": "https://t.me/CyberDilara/1004", "content": "Target = \"https://{ip_address}/cgi/login.cgi\"\ncommand = \"touch /tmp/BRLY\"\n\nlibc = 0x76283000    # we try to guess\ngadget1 = 0x000D8874  # pop {r0, r1, r2, r3, fp, pc};\ngadget2 = 0x001026D4  # mov r0, sp; blx r3;\nsystem  = 0x0003C4D4\n\nhttps://github.com/binarly-io/ToolsAndPoCs/blob/master/Posix/Supermicro/CVE-2024-36435.py\n\n#CyberDilara", "creation_timestamp": "2024-09-30T07:30:50.000000Z"}, {"uuid": "366f98bb-5189-474f-83ba-5867523acb91", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-36435", "type": "seen", "source": "https://t.me/cvedetector/697", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-36435 - An issue was discovered on Supermicro BMC firmware\", \n  \"Content\": \"CVE ID : CVE-2024-36435 \nPublished : July 11, 2024, 9:15 p.m. | 44\u00a0minutes ago \nDescription : An issue was discovered on Supermicro BMC firmware in select X11, X12, H12, B12, X13, H13, and B13 motherboards (and CMM6 modules). An unauthenticated user can post crafted data to the interface that triggers a stack buffer overflow, and may lead to arbitrary remote code execution on a BMC. \nSeverity: 9.8 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-12T00:11:02.000000Z"}, {"uuid": "ab58e7d1-2853-4b26-9c61-c0de8b374b22", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-36435", "type": "published-proof-of-concept", "source": "https://t.me/ton618cyber/1588", "content": "#exploit\n1. CVE-2024-9014:\npgAdmin4 Sensitive Information Exposure\nhttps://github.com/EQSTLab/CVE-2024-9014\n\n2. CVE-2024-36435:\nBuffer overflow in Supermicro BMC IPMI\nhttps://github.com/binarly-io/ToolsAndPoCs/blob/master/Posix/Supermicro/CVE-2024-36435.py\n]-&gt; https://www.binarly.io/blog/cve-2024-36435-deep-dive-the-years-most-critical-bmc-security-flaw", "creation_timestamp": "2024-10-02T16:38:49.000000Z"}, {"uuid": "2a4ccf03-3099-46a2-b449-cc52729ca432", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-36435", "type": "published-proof-of-concept", "source": "https://t.me/ZeroDay_TM/881", "content": "\u2022 RCE Flaw (CVE-2024-36435) in Supermicro BMC IPMI Firmware\n\nSecurity vulnerability in the Baseboard Management Controller (BMC) firmware \u2014 a critical component of modern data center infrastructure. Unauthenticated user can remotely trigger the code flow with a simple post request and cause the arbitrary code execution over classical stack overflow.\n\nPOC: https://github.com/binarly-io/ToolsAndPoCs/blob/789fdb481ed3a9d6da71dee0d7d3bbdde6c1b5dd/Posix/Supermicro/CVE-2024-36435.py\n\n#exploit #writeup #pentest\n-   -   -   -   -   -   -   -   -\n\u2022 @Old_Unclee\n\u2022 @ZeroDay_TM", "creation_timestamp": "2024-10-02T21:07:43.000000Z"}, {"uuid": "4a03039d-2126-481d-912a-235cccdf741c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-36435", "type": "seen", "source": "https://t.me/kasraone_com/717", "content": "\u0645\u0634\u06a9\u0644 \u0627\u0645\u0646\u06cc\u062a\u06cc RCE (CVE-2024-36435) \u062f\u0631 \u06a9\u0646\u062a\u0631\u0644\u200c\u06af\u0631 \u0645\u062f\u06cc\u0631\u06cc\u062a \u0628\u0631\u062f \u0627\u0635\u0644\u06cc (BMC) \u0633\u0648\u067e\u0631 \u0645\u06cc\u06a9\u0631\u0648 \ud83d\udea8\n\n\u06cc\u06a9 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u0627\u0645\u0646\u06cc\u062a\u06cc \u26a0\ufe0f \u062f\u0631 \u0633\u06cc\u0633\u062a\u0645\u200c\u0639\u0627\u0645\u0644 \u06a9\u0646\u062a\u0631\u0644\u200c\u06af\u0631 \u0645\u062f\u06cc\u0631\u06cc\u062a \u0628\u0631\u062f \u0627\u0635\u0644\u06cc (BMC) \ud83d\udda5\ufe0f \u06a9\u0647 \u062c\u0632\u0626\u06cc \u062d\u06cc\u0627\u062a\u06cc \u0627\u0632 \u0632\u06cc\u0631\u0633\u0627\u062e\u062a\u200c\u0647\u0627\u06cc \u0645\u062f\u0631\u0646 \u0645\u0631\u0627\u06a9\u0632 \u062f\u0627\u062f\u0647 \ud83c\udfe2 \u0627\u0633\u062a\u060c \u06a9\u0634\u0641 \u0634\u062f\u0647 \u0627\u0633\u062a. \u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u0628\u0647 \u0645\u0647\u0627\u062c\u0645\u0627\u0646 \ud83e\uddb9\u200d\u2642\ufe0f \u0627\u062c\u0627\u0632\u0647 \u0645\u06cc\u200c\u062f\u0647\u062f \u062a\u0627 \u0627\u0632 \u0631\u0627\u0647 \u062f\u0648\u0631 \ud83c\udf10 \u0648 \u0628\u062f\u0648\u0646 \u0646\u06cc\u0627\u0632 \u0628\u0647 \u0627\u062d\u0631\u0627\u0632 \u0647\u0648\u06cc\u062a \ud83d\udeab\u060c \u06a9\u062f \u062f\u0644\u062e\u0648\u0627\u0647 \u0631\u0627 \u0627\u062c\u0631\u0627 \u06a9\u0646\u0646\u062f \ud83d\udcbb. \n\n\u0628\u0647 \u0632\u0628\u0627\u0646 \u0633\u0627\u062f\u0647\u200c\u062a\u0631\u060c \u0647\u0631 \u06a9\u0633\u06cc  \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u062f \u0628\u0627 \u0627\u0631\u0633\u0627\u0644 \u06cc\u06a9 \u062f\u0631\u062e\u0648\u0627\u0633\u062a \u0633\u0627\u062f\u0647 \u2709\ufe0f\u060c \u06a9\u0646\u062a\u0631\u0644 \u0633\u06cc\u0633\u062a\u0645 \ud83c\udf9b\ufe0f \u0631\u0627 \u062f\u0631 \u062f\u0633\u062a \u0628\u06af\u06cc\u0631\u062f \u0648 \u06a9\u062f\u0647\u0627\u06cc \u0645\u062e\u0631\u0628 \ud83e\udda0 \u0631\u0627 \u0627\u062c\u0631\u0627 \u06a9\u0646\u062f. \u0627\u06cc\u0646 \u062d\u0645\u0644\u0647 \u0627\u0632 \u0637\u0631\u06cc\u0642 \u06cc\u06a9 \u0646\u0642\u0635 \ud83d\udc1e \u062f\u0631 \u0646\u062d\u0648\u0647 \u0645\u062f\u06cc\u0631\u06cc\u062a \u067e\u0634\u062a\u0647 (Stack Overflow) \ud83d\udca5 \u0627\u0646\u062c\u0627\u0645 \u0645\u06cc\u200c\u0634\u0648\u062f.\n\n\u0627\u0637\u0644\u0627\u0639\u0627\u062a \u0628\u06cc\u0634\u062a\u0631:\n\n* \u06a9\u062f \u0627\u062b\u0628\u0627\u062a \u0645\u0641\u0647\u0648\u0645 (POC): [\u0644\u06cc\u0646\u06a9] \ud83d\udd17\n\n\n\n\n\u00a0\u00a0\u00a0\u00a0\u00a0 \u00a0\u00a0 \u2661 \u2800\u2800 \u3007\u2800\u00a0 \u2800 \u2399\u2800\u200c\u00a0 \u200c \u2332\u2063 \n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 \u02e1\u2071\u1d4f\u1d49\u00a0 \u1d9c\u1d52\u1d50\u1d50\u1d49\u207f\u1d57\u00a0\u00a0 \u02e2\u1d43\u1d5b\u1d49\u00a0 \u02e2\u02b0\u1d43\u02b3\u1d49\n\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 K1\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 kasraone", "creation_timestamp": "2024-10-11T05:02:04.000000Z"}, {"uuid": "74923109-3a0a-48c7-a2ae-9d7572426d4b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-36435", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/11208", "content": "#exploit\n1. CVE-2024-9014:\npgAdmin4 Sensitive Information Exposure\nhttps://github.com/EQSTLab/CVE-2024-9014\n\n2. CVE-2024-41110:\nDocker AuthZ plugins Security Checker\nhttps://github.com/vvpoglazov/cve-2024-41110-checker\n\n3. CVE-2024-36435:\nBuffer overflow in Supermicro BMC IPMI\nhttps://github.com/binarly-io/ToolsAndPoCs/blob/master/Posix/Supermicro/CVE-2024-36435.py\n]-&gt; https://www.binarly.io/blog/cve-2024-36435-deep-dive-the-years-most-critical-bmc-security-flaw", "creation_timestamp": "2024-11-01T03:17:48.000000Z"}, {"uuid": "6cf53d35-eea0-42dd-8c09-e33fe65e5b79", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-36435", "type": "published-proof-of-concept", "source": "Telegram/o7VlsrAVA1DWBTlZl46rIoutlNqMKHpc5zbmztPssQicDZc", "content": "", "creation_timestamp": "2024-10-03T16:56:46.000000Z"}]}