{"vulnerability": "cve-2024-4353", "sightings": [{"uuid": "4fed7185-bdcc-488b-bd71-46c1b293f25c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-43534", "type": "seen", "source": "https://www.thezdi.com/blog/2024/10/8/the-october-2024-security-update-review", "content": "", "creation_timestamp": "2024-10-08T17:54:47.000000Z"}, {"uuid": "2123ad4a-1a80-4816-8fc9-4d153f7a7f9a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-435325", "type": "seen", "source": "https://www.thezdi.com/blog/2024/10/8/the-october-2024-security-update-review", "content": "", "creation_timestamp": "2024-10-08T17:54:47.000000Z"}, {"uuid": "63cb0023-9f31-4283-8542-22ab59db5309", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-43536", "type": "seen", "source": "https://www.thezdi.com/blog/2024/10/8/the-october-2024-security-update-review", "content": "", "creation_timestamp": "2024-10-08T17:54:47.000000Z"}, {"uuid": "e26516a8-3575-474e-b597-b971159868b9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-43532", "type": "seen", "source": "https://www.thezdi.com/blog/2024/10/8/the-october-2024-security-update-review", "content": "", "creation_timestamp": "2024-10-08T17:54:47.000000Z"}, {"uuid": "934f9d9c-66f9-4afc-9a1d-a5ceb89cfd12", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-43535", "type": "seen", "source": "https://www.thezdi.com/blog/2024/10/8/the-october-2024-security-update-review", "content": "", "creation_timestamp": "2024-10-08T17:54:47.000000Z"}, {"uuid": "a3d51d6a-5d24-417f-84e5-2e9940f47e9d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-43537", "type": "seen", "source": "https://www.thezdi.com/blog/2024/10/8/the-october-2024-security-update-review", "content": "", "creation_timestamp": "2024-10-08T17:54:47.000000Z"}, {"uuid": "12d2c4e0-45f6-4cd1-b816-7e0e48c324e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-43538", "type": "seen", "source": "https://www.thezdi.com/blog/2024/10/8/the-october-2024-security-update-review", "content": "", "creation_timestamp": "2024-10-08T17:54:47.000000Z"}, {"uuid": "adc14e0a-71d4-45b5-b19f-b35815b387e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-43533", "type": "seen", "source": "https://www.thezdi.com/blog/2024/10/8/the-october-2024-security-update-review", "content": "", "creation_timestamp": "2024-10-08T17:54:47.000000Z"}, {"uuid": "07b55f17-8640-475c-b6c7-e721014a9944", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-43532", "type": "seen", "source": "https://infosec.exchange/users/0patch/statuses/113470701686773635", "content": "", "creation_timestamp": "2024-11-12T15:31:51.390593Z"}, {"uuid": "667236bb-42a0-4f91-a4d0-ed011137eb28", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-43530", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113471445573585064", "content": "", "creation_timestamp": "2024-11-12T18:40:53.282604Z"}, {"uuid": "037fa9ed-73c6-41e0-ac8f-241780a12850", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-43530", "type": "seen", "source": "https://www.thezdi.com/blog/2024/11/12/the-november-2024-security-update-review", "content": "", "creation_timestamp": "2024-11-12T18:26:35.000000Z"}, {"uuid": "7b64ae56-612c-4ee9-abd3-b78c3f10fab2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-4353", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/2248", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-4353\n\ud83d\udd39 Description: Concrete CMS versions 9.0.0 through 9.3.2 are affected by a stored XSS vulnerability in the generate dashboard board\ninstance functionality. The Name input field does not check the input sufficiently letting a rogue administrator have the capability to inject malicious\nJavaScript code. The Concrete CMS security team gave this vulnerability\u00a0a CVSS v4 score of 4.6 with a vector of CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N. Concrete versions below 9 are not affected by this vulnerability.Thanks fhAnso for reporting. (CNA updated this risk rank on 17 Jan 2025 by lowering the AC based on CVSS 4.0 documentation that access privileges should not be considered for AC).\n\ud83d\udccf Published: 2024-08-01T18:23:31.033Z\n\ud83d\udccf Modified: 2025-01-17T21:55:57.746Z\n\ud83d\udd17 References:\n1. https://github.com/concretecms/concretecms/pull/12151\n2. https://documentation.concretecms.org/9-x/developers/introduction/version-history/933-release-notes", "creation_timestamp": "2025-01-17T22:57:15.000000Z"}, {"uuid": "a322bd91-f9e8-4016-bc37-85e78162f2e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-43535", "type": "seen", "source": "https://bsky.app/profile/undercode.bsky.social/post/3ltciwauyqm2a", "content": "", "creation_timestamp": "2025-07-06T14:41:20.984939Z"}, {"uuid": "e0038487-46ff-43b1-abd3-6af56852e557", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-43532", "type": "published-proof-of-concept", "source": "https://t.me/CyberBulletin/1199", "content": "\u26a1\ufe0fCritical EoP Flaw in Microsoft\u2019s Remote Registry: Researcher Publishes PoC for CVE-2024-43532.\n\n#CyberBulletin", "creation_timestamp": "2024-10-22T14:46:17.000000Z"}, {"uuid": "44cee7d4-d612-42ce-a3b4-4aa51786ed0c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-43535", "type": "published-proof-of-concept", "source": "Telegram/Mu4J56rbgMxUjpsQgufxtJwNSOwCf2oGVYYwILA_0otXlrE", "content": "", "creation_timestamp": "2025-06-07T15:00:07.000000Z"}, {"uuid": "1ec8299a-aaa0-4b7b-9d94-4c72432b5301", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-43533", "type": "seen", "source": "https://t.me/kasperskyb2b/1444", "content": "\ud83d\udcbb \u041e\u043a\u0442\u044f\u0431\u0440\u044c\u0441\u043a\u0438\u0439 Patch Tuesday: 5 \u0437\u0438\u0440\u043e\u0434\u0435\u0435\u0432 \u0438 118 CVE\n\n\u0420\u0435\u0433\u0443\u043b\u044f\u0440\u043d\u044b\u0439 \u043f\u0430\u043a\u0435\u0442 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439 Microsoft \u0443\u0441\u0442\u0440\u0430\u043d\u044f\u0435\u0442 118 \u0434\u0435\u0444\u0435\u043a\u0442\u043e\u0432, \u0438\u0437 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u0434\u0432\u0430 \u044f\u0432\u043b\u044f\u044e\u0442\u0441\u044f \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u0435\u043c\u044b\u043c\u0438 \u0437\u0438\u0440\u043e\u0434\u0435\u044f\u043c\u0438, \u0430 \u0435\u0449\u0451 \u0442\u0440\u0438 \u0440\u0430\u0437\u0433\u043b\u0430\u0448\u0435\u043d\u044b \u0434\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f, \u0434\u043b\u044f \u043e\u0434\u043d\u043e\u0433\u043e \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u044b\u0439 PoC. 43 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043f\u0440\u0438\u0432\u043e\u0434\u044f\u0442 \u043a RCE, 28 \u2014 \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u044e \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439, 26 \u2014 DoS, \u043f\u043e 7 \u2014 spoofing \u0438 \u043e\u0431\u0445\u043e\u0434 \u0444\u0443\u043d\u043a\u0446\u0438\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438.  \u0422\u043e\u043b\u044c\u043a\u043e \u0442\u0440\u0438 \u0443\u0441\u0442\u0440\u0430\u043d\u0451\u043d\u043d\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0438\u043c\u0435\u044e\u0442 \u0440\u0435\u0439\u0442\u0438\u043d\u0433 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0445.\n\n\u0418\u0437 \u043f\u044f\u0442\u0438 0days, \u0432 \u0440\u0435\u0430\u043b\u044c\u043d\u043e\u0439 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0437\u0430\u043c\u0435\u0447\u0435\u043d\u044b: \nCVE-2024-43572 (CVSS 7.8), RCE \u0432 Microsoft Management Console (MMC). \u0414\u043b\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0436\u0435\u0440\u0442\u0432\u0443 \u043d\u0443\u0436\u043d\u043e \u0443\u0431\u0435\u0434\u0438\u0442\u044c \u043e\u0442\u043a\u0440\u044b\u0442\u044c \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0439 MSC-\u0444\u0430\u0439\u043b. \n\u0422\u0430\u043a\u0436\u0435 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u0441\u043d\u043e\u0432\u0430 \u043d\u0430\u0448\u043b\u0438 \u0434\u044b\u0440\u043a\u0443 \u0432 \u0442\u044f\u0436\u0451\u043b\u043e\u043c \u043d\u0430\u0441\u043b\u0435\u0434\u0438\u0438 IE \u0438 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u044e\u0442 CVE-2024-43573 (CVSS 6.5, Windows MSHTML Platform Spoofing). Microsoft \u043d\u0435 \u0434\u0430\u0451\u0442 \u043d\u0438\u043a\u0430\u043a\u0438\u0445 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0441\u0442\u0435\u0439 \u043e \u0442\u043e\u043c, \u043a\u0442\u043e \u0438 \u043a\u0430\u043a \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u043e\u0432\u0430\u043b \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u043d\u043e \u044d\u043a\u0441\u043f\u0435\u0440\u0442\u044b \u043f\u043e\u0434\u043e\u0437\u0440\u0435\u0432\u0430\u044e\u0442, \u0447\u0442\u043e \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043d\u0430\u0443\u0447\u0438\u043b\u0438\u0441\u044c \u043e\u0431\u0445\u043e\u0434\u0438\u0442\u044c \u043f\u0430\u0442\u0447 \u0434\u043b\u044f \u0430\u043d\u0430\u043b\u043e\u0433\u0438\u0447\u043d\u043e\u0433\u043e \u0434\u0435\u0444\u0435\u043a\u0442\u0430, \u0437\u0430\u043a\u0440\u044b\u0442\u043e\u0433\u043e \u0440\u0430\u043d\u0435\u0435 \u0432 \u044d\u0442\u043e\u043c \u0433\u043e\u0434\u0443.\n\n\u0415\u0449\u0451 \u043e\u0434\u0438\u043d \u0437\u0438\u0440\u043e\u0434\u0435\u0439 \u043e\u0442\u043d\u043e\u0441\u0438\u0442\u0441\u044f \u043a \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u043e\u043c\u0443 \u0434\u0435\u0444\u0435\u043a\u0442\u0443 curl, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0432 \u043e\u0440\u0438\u0433\u0438\u043d\u0430\u043b\u044c\u043d\u043e\u043c \u043f\u0430\u043a\u0435\u0442\u0435 \u0443\u0441\u0442\u0440\u0430\u043d\u0438\u043b\u0438 \u0432 \u0438\u044e\u043b\u0435 (CVE-2024-6197, CVSS 8.8). \u0413\u0434\u0435 \u0438 \u043a\u043e\u0433\u0434\u0430 \u0440\u0430\u0437\u0433\u043b\u0430\u0441\u0438\u043b\u0438 \u0434\u0432\u0435 \u043e\u0441\u0442\u0430\u0432\u0448\u0438\u0435\u0441\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, Microsoft \u043d\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u0435\u0442. \nCVE-2024-43583, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438 \u0434\u043e system \u043f\u0440\u044f\u043c\u043e \u043d\u0430 \u044d\u043a\u0440\u0430\u043d\u0435 \u0432\u0445\u043e\u0434\u0430 \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0443, \u0434\u043b\u044f \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u0442\u0440\u0435\u0431\u0443\u0435\u0442 \u043d\u0435 \u0442\u043e\u043b\u044c\u043a\u043e \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u0442\u0447, \u043d\u043e \u0438 \u0443\u0431\u0435\u0434\u0438\u0442\u044c\u0441\u044f, \u0447\u0442\u043e \u043c\u0435\u0442\u043e\u0434\u044b \u0432\u0432\u043e\u0434\u0430 Microsoft \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d\u044b \u0438 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0435 (KB5046254).\n\u041f\u0440\u043e CVE-2024-20659 \u043c\u044b, \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e \u0435\u0449\u0451 \u0443\u0441\u043b\u044b\u0448\u0438\u043c \u043d\u0430 \u0418\u0411-\u043a\u043e\u043d\u0444\u0435\u0440\u0435\u043d\u0446\u0438\u044f\u0445, \u043f\u043e\u0441\u043a\u043e\u043b\u044c\u043a\u0443 \u044d\u0442\u043e \u043e\u0447\u0435\u0440\u0435\u0434\u043d\u043e\u0439 \u043e\u0431\u0445\u043e\u0434 UEFI, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0438\u0439 \u0441\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0433\u0438\u043f\u0435\u0440\u0432\u0438\u0437\u043e\u0440 \u0438 \u0437\u0430\u0449\u0438\u0449\u0451\u043d\u043d\u043e\u0435 \u044f\u0434\u0440\u043e. \u0420\u0435\u0434\u043c\u043e\u043d\u0434 \u0437\u0430\u044f\u0432\u043b\u044f\u0435\u0442, \u0447\u0442\u043e \u0434\u043b\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u043d\u0443\u0436\u043d\u044b \u0444\u0438\u0437\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u0438 \u043f\u0435\u0440\u0435\u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0430 \u0441\u0438\u0441\u0442\u0435\u043c\u044b, \u043d\u043e \u043f\u0440\u043e BlackLotus \u0442\u043e\u0436\u0435 \u0447\u0442\u043e-\u0442\u043e \u0442\u0430\u043a\u043e\u0435 \u043f\u043e\u043d\u0430\u0447\u0430\u043b\u0443 \u0433\u043e\u0432\u043e\u0440\u0438\u043b\u0438. \n\n\u0418\u0437 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439, \u043d\u0435 \u044f\u0432\u043b\u044f\u044e\u0449\u0438\u0445\u0441\u044f \u0437\u0438\u0440\u043e\u0434\u0435\u044f\u043c\u0438, \u0432\u043d\u0438\u043c\u0430\u043d\u0438\u044f \u0437\u0430\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u0435\u0442 CVE-2024-43468, RCE \u0432 Microsoft Configuration Manager \u0441 CVSS 9.8. \u0427\u0442\u043e\u0431\u044b \u0437\u0430\u0449\u0438\u0442\u0438\u0442\u044c\u0441\u044f \u043e\u0442 \u0430\u0442\u0430\u043a \u043f\u043e \u0441\u0435\u0442\u0438, \u043d\u0435 \u0442\u0440\u0435\u0431\u0443\u044e\u0449\u0438\u0445 \u043e\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430 \u0434\u0430\u0436\u0435 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438, \u043d\u0443\u0436\u043d\u043e \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u044c \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0432 \u043a\u043e\u043d\u0441\u043e\u043b\u0438, \u0430 \u0435\u0441\u043b\u0438 \u044d\u0442\u043e \u043d\u0435\u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e \u2014 \u043f\u0440\u0438\u043c\u0435\u043d\u0438\u0442\u044c \u0441\u043e\u0432\u0435\u0442\u044b \u043f\u043e \u043c\u0438\u0442\u0438\u0433\u0430\u0446\u0438\u0438 \u0438 \u0437\u0430\u043c\u0435\u043d\u0438\u0442\u044c \u0441\u0435\u0440\u0432\u0438\u0441\u043d\u0443\u044e \u0443\u0447\u0451\u0442\u043a\u0443 \u0441 Computer \u043d\u0430 \u043a\u0430\u043a\u0443\u044e-\u0442\u043e \u0434\u0440\u0443\u0433\u0443\u044e.\n\n\u0422\u0430\u043a\u0436\u0435 \u0432\u043d\u0438\u043c\u0430\u043d\u0438\u044f \u0437\u0430\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u0435\u0442 \u0431\u0443\u043a\u0435\u0442 \u0438\u0437 12 RCE \u0432  Windows Routing and Remote Access Service (RRAS) (CVE-2024-38212 \u0438 \u0434\u0440.), CVE-2024-43582 \u0432 Remote Desktop Protocol Server \u0438 \u043f\u0430\u0440\u0430 \u0434\u0435\u0444\u0435\u043a\u0442\u043e\u0432 \u0432 Windows Remote Desktop Client (CVE-2024-43533, CVE-2024-43599).\n\n#\u043d\u043e\u0432\u043e\u0441\u0442\u0438 #\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 @\u041f2\u0422", "creation_timestamp": "2024-10-09T10:21:15.000000Z"}, {"uuid": "7cb06914-1445-4bad-a1d5-55b6cc0d9e52", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-43532", "type": "published-proof-of-concept", "source": "https://t.me/HackerArsenal/603", "content": "https://www.akamai.com/blog/security-research/winreg-relay-vulnerability\n\nCall and Register \u2014 Relay Attack on WinReg RPC Client\n\nhttps://github.com/akamai/akamai-security-research/tree/main/PoCs/cve-2024-43532\n\n#\u5206\u6790 #github #poc", "creation_timestamp": "2024-10-23T19:29:44.000000Z"}, {"uuid": "e850046f-6c69-4994-867e-9a7abbd08a24", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-43532", "type": "published-proof-of-concept", "source": "https://t.me/paiddpam/5692", "content": "\ud83d\udd14Call and Register \u2014 Relay Attack on WinReg RPC Client\n\nA critical vulnerability (CVE-2024-43532) has been identified in Microsoft\u2019s Remote Registry client. This flaw allows attackers to exploit insecure fallback mechanisms in the WinReg client, enabling them to relay authentication details and make unauthorized certificate requests through Active Directory Certificate Services (ADCS).\n\n\ud83d\udd17 Research:\nhttps://www.akamai.com/blog/security-research/winreg-relay-vulnerability\n\n\ud83d\udd17 RPC Visibility Tool:\nhttps://github.com/akamai/akamai-security-research/tree/main/rpc_toolkit/rpc_visibility\n\n\ud83d\udd17 PoC: \nhttps://github.com/akamai/akamai-security-research/tree/main/PoCs/cve-2024-43532\n\n#ad #adcs #rpc #ntlm #relay #etw #advapi", "creation_timestamp": "2024-10-26T07:01:58.000000Z"}, {"uuid": "e507c325-fd81-4389-98d2-03b8bbcb5a0a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-43532", "type": "published-proof-of-concept", "source": "https://t.me/HackerArsenal/580", "content": "#Red_Team_Tactics\n1. Bypassing UAC with SSPI Datagram Contexts\nhttps://github.com/antonioCoco/SspiUacBypass\n2. Call and Register - Relay Attack on WinReg RPC Client\nhttps://www.akamai.com/blog/security-research/winreg-relay-vulnerability\n]-&gt; https://github.com/akamai/akamai-security-research/tree/main/PoCs/cve-2024-43532", "creation_timestamp": "2024-10-20T16:48:45.000000Z"}, {"uuid": "aaddb057-0b9c-4465-99fa-b8834a13cc05", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-4353", "type": "seen", "source": "https://t.me/cvedetector/2264", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-4353 - Concrete CMS Stored XSS Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-4353 \nPublished : Aug. 1, 2024, 7:15 p.m. | 44\u00a0minutes ago \nDescription : Concrete CMS versions 9.0.0 through 9.3.2 are affected by a stored XSS vulnerability in the generate dashboard board  \ninstance functionality. The Name input field does not check the input sufficiently letting a rogue administrator hav the capability to inject malicious  \nJavaScript code. The Concrete CMS security team gave this vulnerability a CVSS v3.1 score of 3.1 with a vector of  AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N  \u00a0and a CVSS v4 score of 1.8 with a vector of CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N Thanks fhAnso for reporting. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"01 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-01T22:07:04.000000Z"}, {"uuid": "7d086bea-91b3-4cef-96b0-e71b582d2fa5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-43532", "type": "published-proof-of-concept", "source": "Telegram/74XbNTyUwF2B4MXU61M5oBrjYfLE_ydB7RIx5kz_w3oA1w", "content": "", "creation_timestamp": "2024-10-26T07:01:58.000000Z"}, {"uuid": "f774b477-f8d3-4467-8365-222e99cbbd5d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-43532", "type": "published-proof-of-concept", "source": "https://t.me/InfoSecInsider/24134", "content": "\u26a1\ufe0fCritical EoP Flaw in Microsoft\u2019s Remote Registry: Researcher Publishes PoC for CVE-2024-43532.\n\n#CyberBulletin", "creation_timestamp": "2024-10-22T15:06:25.000000Z"}, {"uuid": "cdbb8ca0-3052-4335-96af-b069b9c9daa2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-43532", "type": "published-proof-of-concept", "source": "https://t.me/CyberBulletin/26132", "content": "\u26a1\ufe0fCritical EoP Flaw in Microsoft\u2019s Remote Registry: Researcher Publishes PoC for CVE-2024-43532.\n\n#CyberBulletin", "creation_timestamp": "2024-10-22T14:46:17.000000Z"}, {"uuid": "68c02f12-e580-46fe-841d-9ba49be565ae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-43532", "type": "published-proof-of-concept", "source": "https://t.me/InfoSecInsider/521", "content": "\u26a1\ufe0fCritical EoP Flaw in Microsoft\u2019s Remote Registry: Researcher Publishes PoC for CVE-2024-43532.\n\n#CyberBulletin", "creation_timestamp": "2024-10-22T15:06:35.000000Z"}, {"uuid": "70dc37f3-4ac6-463b-996a-3f8a8b788956", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-43532", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/3344", "content": "https://www.akamai.com/blog/security-research/winreg-relay-vulnerability\n\nCall and Register \u2014 Relay Attack on WinReg RPC Client\n\nhttps://github.com/akamai/akamai-security-research/tree/main/PoCs/cve-2024-43532\n\n#\u5206\u6790 #github #poc", "creation_timestamp": "2024-10-20T18:04:40.000000Z"}, {"uuid": "0a742597-c655-4d96-87ef-0d4d658d498a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-43532", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/11314", "content": "#Red_Team_Tactics\n1. Bypassing UAC with SSPI Datagram Contexts\nhttps://github.com/antonioCoco/SspiUacBypass\n2. Call and Register - Relay Attack on WinReg RPC Client\nhttps://www.akamai.com/blog/security-research/winreg-relay-vulnerability\n]-&gt; https://github.com/akamai/akamai-security-research/tree/main/PoCs/cve-2024-43532", "creation_timestamp": "2024-10-23T00:48:15.000000Z"}]}