VulnCheck Initial Access Intelligence equips organizations and security teams with detection artifacts such as Suricata signatures, YARA rules, PCAPs, and private exploit PoCs to defend against initial access vulnerabilities that are either already being exploited or likely to be exploited soon.
Before we get into this months details, it’s worth mentioned that go-exploit, VulnCheck’s exploit framework, now supports scanless asset detection and version scanning, using the exact same code for active scanning. You can learn more about that here.
In July 2024, VulnCheck crossed 250+ Initial Access Intelligence (IAI) artifacts, developing artifacts for 14 CVEs, covering 13 different vendors and 10 different products.
To provide better visibility into these updates, we’ve broken down July’s Initial Access Intelligence Artifacts by CVE. For each CVE, we provide a range of detection tools including:
- Exploits
- Version scanners
- PCAPs
- Suricata rules
- Snort rules
- YARA rules
- Greynoise/Censys/Shodan queries
| Artifact Name | Date Added | CVE | Exploit | Version Scanner | pcap | Suricata Rule | snortRule | yara |
|---|---|---|---|---|---|---|---|---|
| Zyxel Customer-Provided Equipment Configuration Disclosure | 2024-07-04 | CVE-2023-28770 | ✅ | ✅ | ✅ | ✅ | ✅ | |
| Apache Superset Session Forgery | 2024-07-05 | CVE-2023-27524 | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
| GeoServer Remote Code Execution | 2024-07-05 | CVE-2024-36401 | ✅ | ✅ | ✅ | ✅ | ✅ | |
| Progress WhatsUp Gold Path Traversal | 2024-07-12 | CVE-2024-4885 | ✅ | ✅ | ✅ | ✅ | ✅ | |
| Zyxel CPE Diag Command Injection | 2024-07-12 | CVE-2024-40890 | ✅ | ✅ | ✅ | ✅ | ✅ | |
| Zyxel CPE Telnet Command Injection | 2024-07-12 | CVE-2024-40891 | ✅ | ✅ | ✅ | ✅ | ✅ | |
| Apache CloudStack Unsecured cluster API remote code execution | 2024-07-15 | CVE-2024-38346 | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
| Laravel Credential leak in log files | 2024-07-17 | CVE-2024-29291 | ✅ | ✅ | ✅ | ✅ | ✅ | |
| Zyxel Auth Bypass and pkg_init_cmd Command Injection | 2024-07-19 | CVE-2023-4473 | ✅ | ✅ | ✅ | ✅ | ✅ | |
| Magento XXE Information Disclosure | 2024-07-21 | CVE-2024-34102 | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
| H3C ERHMG2 Configuration/Password Leak | 2024-07-22 | CVE-2024-32238 | ✅ | ✅ | ✅ | ✅ | ||
| Elementor Essential Addons WordPress Plugin Authentication Bypass Remote Code Execution | 2024-07-25 | CVE-2023-32243 | ✅ | ✅ | ✅ | ✅ | ✅ | |
| Ghostscript Filesystem Format String RCE | 2024-07-30 | CVE-2024-29510 | ✅ | ✅ | ||||
| AJ-Report unauthenticated path-traversal Java evaluation RCE | 2024-07-31 | CVE-2024-7314 | ✅ | ✅ | ✅ | ✅ | ✅ |
Learn more about how you can leverage Initial Access Intelligence detection artifacts to detect & respond to remote code execution (RCE) vulnerabilities here: https://docs.vulncheck.com/products/initial-access-intelligence/introduction
