{"vulnerability": "cve-2024-41111", "sightings": [
{"uuid": "04aa9640-b5e9-4951-ad1b-0ed96922e1e7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-41111", "type": "seen", "source": "https://t.me/purple_medved/297", "content": "In my talk at the Positive Hack Days Fest 2 cyber festival this past spring I explained why it is important to take a comprehensive approach to the security of attacking infrastructure. Among other things, I mentioned serious vulnerabilities in various open-source C2 frameworks.\n\nContinuing that theme, I came across the article Vulnerabilities in Open Source C2 Frameworks, in which the author reviews the bugs found in C2 frameworks, popular and less so:\n\n🔴 Sliver\nOnce upon a time it was my favorite, and now a rather neat bug has been found in it, CVE-2024-41111 - RCE on the teamserver by a low-privileged operator, essentially a command injection into an argument for msfvenom, which Sliver uses to generate msf stagers.\n🔴 Havoc\nA Go framework that is gaining popularity, with 3 bugs: CVE-2024-41570 - Unauthenticated SSRF, Authenticated Command Injection, Service API Authentication Bypass (details in the article).\n🔴 Ninja C2, a framework based on the leaked sources of the Iranian APT Muddywater, has an RCE via Unauthenticated Arbitrary File Download via path traversal in the tool's web server.\n🔴 SHAD0W\nUnauthenticated RCE - another interesting bug; its exploitation relies on the fact that the situational-awareness data (architecture, domain, OS version) sent when the beacon checks in to the server is used as a parameter for compiling post-exploitation modules.\n🔴 Covenant, once also one of my favorites, is subject to Authenticated Command Injection and to privilege escalation to administrator through the UI (details in the article).\n\nSo, all of the reviewed C2 frameworks, with the exception of Mythic (which I have written about more than once before), are subject to serious vulnerabilities that jeopardize the security of the attacking infrastructure and, as a consequence, give potential malicious actors access to the data and infrastructure of the organization being tested.", "creation_timestamp": "2024-10-02T07:56:42.000000Z"},
{"uuid": "5b78372b-ce23-43a0-8394-30afb660ca32", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-41111", "type": "seen", "source": "https://t.me/cvedetector/1182", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-41111 - Sliver Teamserver Operator privilege escalation Remote Code Execution (RCE) Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-41111 \nPublished : July 18, 2024, 11:15 p.m. | 34 minutes ago \nDescription : Sliver is an open source cross-platform adversary emulation/red team framework, it can be used by organizations of all sizes to perform security testing. Sliver version 1.6.0 (prerelease) is vulnerable to RCE on the teamserver by a low-privileged \"operator\" user. The RCE is as the system root user. The exploit is pretty fun as we make the Sliver server pwn itself. As described in a past issue (#65), \"there is a clear security boundary between the operator and server, an operator should not inherently be able to run commands or code on the server.\" An operator who exploited this vulnerability would be able to view all console logs, kick all other operators, view and modify files stored on the server, and ultimately delete the server. This issue has not yet been addressed but is expected to be resolved before the full release of version 1.6.0. Users of the 1.6.0 prerelease should avoid using Sliver in production. \nSeverity: 7.2 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"19 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n🔹 t.me/cvedetector 🔹", "creation_timestamp": "2024-07-19T01:59:28.000000Z"}
]}
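Both the Sliver bug (operator-controlled msfvenom argument) and the SHAD0W bug (beacon-reported architecture/OS fields used as build parameters) described in the first sighting belong to the same class: untrusted strings reach a tool invocation through a shell. The Go program below is an added illustration written for this page; it is not Sliver's, SHAD0W's or the article's code, and the `StagerRequest` field names, the specific msfvenom options and the allow-lists are assumptions. It uses `echo` as a stand-in for the msfvenom binary so it runs offline: the vulnerable path builds one command line and hands it to `sh -c`, so a value like `raw; echo INJECTED #` executes a second command; the hardened path validates each field against an allow-list and passes an argv vector with no shell in between.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"os/exec"
	"strconv"
	"strings"
)

// StagerRequest holds values that arrive from an operator (or, in the SHAD0W
// case, from a beacon check-in). Field names are hypothetical, chosen for this
// example; they are not Sliver's or SHAD0W's types.
type StagerRequest struct {
	LHost  string // callback host
	LPort  int    // callback port
	Format string // msfvenom -f value
	Arch   string // msfvenom -a value, or the arch a beacon reports
}

// tool is a stand-in for the msfvenom binary so the example runs offline:
// echo prints whatever argument vector actually reaches it.
const tool = "echo"

// vulnerableBuild concatenates untrusted fields into a single command line.
// Once that string goes through a shell, any metacharacter in a field
// (";", "|", "$(...)") is interpreted, which is the bug class in the post.
func vulnerableBuild(r StagerRequest) string {
	return fmt.Sprintf("%s -p windows/x64/meterpreter/reverse_https LHOST=%s LPORT=%d -f %s -a %s",
		tool, r.LHost, r.LPort, r.Format, r.Arch)
}

// vulnerableRun executes the concatenated command line via sh -c.
func vulnerableRun(r StagerRequest) (string, error) {
	out, err := exec.Command("sh", "-c", vulnerableBuild(r)).CombinedOutput()
	return string(out), err
}

// Allow-lists for the free-text fields (illustrative values). Anything not
// listed is rejected rather than escaped: shell quoting rules are easy to get
// wrong, and an allow-list also stops a beacon from steering the build.
var (
	allowedFormats = map[string]bool{"raw": true, "exe": true, "dll": true, "elf": true}
	allowedArchs   = map[string]bool{"x86": true, "x64": true}
)

func validate(r StagerRequest) error {
	if net.ParseIP(r.LHost) == nil {
		return errors.New("LHOST must be an IP literal")
	}
	if r.LPort < 1 || r.LPort > 65535 {
		return errors.New("LPORT out of range")
	}
	if !allowedFormats[r.Format] {
		return fmt.Errorf("format %q not allowed", r.Format)
	}
	if !allowedArchs[r.Arch] {
		return fmt.Errorf("arch %q not allowed", r.Arch)
	}
	return nil
}

// hardenedArgs validates the request and returns an argv vector: each field is
// exactly one argument, and the tool is started directly rather than via sh,
// so metacharacters in a field stay literal even if validation were bypassed.
func hardenedArgs(r StagerRequest) ([]string, error) {
	if err := validate(r); err != nil {
		return nil, err
	}
	return []string{
		"-p", "windows/x64/meterpreter/reverse_https",
		"LHOST=" + r.LHost,
		"LPORT=" + strconv.Itoa(r.LPort),
		"-f", r.Format,
		"-a", r.Arch,
	}, nil
}

func hardenedRun(r StagerRequest) (string, error) {
	args, err := hardenedArgs(r)
	if err != nil {
		return "", err
	}
	out, err := exec.Command(tool, args...).CombinedOutput()
	return string(out), err
}

// injected reports whether the stand-in tool's output shows a second command
// having run: a line consisting only of the INJECTED marker.
func injected(out string) bool {
	for _, line := range strings.Split(out, "\n") {
		if strings.TrimSpace(line) == "INJECTED" {
			return true
		}
	}
	return false
}

func main() {
	// Constructed malicious request: the Format field carries a shell payload.
	evil := StagerRequest{LHost: "10.0.0.5", LPort: 443, Format: "raw; echo INJECTED #", Arch: "x64"}
	out, _ := vulnerableRun(evil)
	fmt.Printf("vulnerable path, injected=%v\n%s", injected(out), out)
	if _, err := hardenedRun(evil); err != nil {
		fmt.Println("hardened path rejected the request:", err)
	}
}
```

The allow-list is the part worth copying: `exec.Command` with an argv slice already removes the shell, but without validation a hostile value would still reach the real tool as a literal argument, and for a compiler or msfvenom that is still attacker-controlled input to a complex parser. Rejecting anything outside a small vocabulary of formats and architectures is the cheaper and safer boundary, and it applies equally to values a beacon reports about itself at check-in.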