daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
nuclei-templates/http/cves/2024/CVE-2024-1709.yaml

66 lines
2.3 KiB
YAML
Raw Normal View History

Update and rename http/misconfiguration/screenconnect-authentication-bypass.yaml to http/cves/CVE-2024/CVE-2024-1709.yaml
2024-02-21 19:02:29 +00:00
id: CVE-2024-1709
Create screenConnect-authentication-bypass.yaml
2024-02-21 10:41:25 +00:00
info:
Update CVE-2024-1709.yaml
2024-02-22 07:45:54 +00:00
name: ConnectWise ScreenConnect 23.9.7 - Authentication Bypass
Create screenConnect-authentication-bypass.yaml
2024-02-21 10:41:25 +00:00
author: johnk3r
Update screenConnect-authentication-bypass.yaml
2024-02-21 10:45:42 +00:00
severity: critical
Update CVE-2024-1709.yaml
2024-02-22 07:45:54 +00:00
description: |
ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel vulnerability, which may allow an attacker direct access to confidential information or critical systems.
Create screenConnect-authentication-bypass.yaml
2024-02-21 10:41:25 +00:00
reference:
- https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass
- https://github.com/watchtowrlabs/connectwise-screenconnect_auth-bypass-add-user-poc
Update screenConnect-authentication-bypass.yaml
2024-02-21 10:45:42 +00:00
- https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8
Update CVE-2024-1709.yaml
2024-02-22 07:45:54 +00:00
- https://nvd.nist.gov/vuln/detail/CVE-2024-1709
product/queries updated
2024-05-31 19:23:20 +00:00
- https://github.com/rapid7/metasploit-framework/pull/18870
Update CVE-2024-1709.yaml
2024-02-22 07:45:54 +00:00
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
TemplateMan Update [Sat Mar 23 09:28:19 UTC 2024] :robot:
2024-03-23 09:28:19 +00:00
cvss-score: 10
Update CVE-2024-1709.yaml
2024-02-22 07:45:54 +00:00
cve-id: CVE-2024-1709
product/queries updated
2024-05-31 19:23:20 +00:00
cwe-id: CWE-288,NVD-CWE-Other
epss-score: 0.94464
epss-percentile: 0.99213
cpe: cpe:2.3:a:connectwise:screenconnect:*:*:*:*:*:*:*:*
Create screenConnect-authentication-bypass.yaml
2024-02-21 10:41:25 +00:00
metadata:
verified: true
max-request: 1
vendor: connectwise
product: screenconnect
shodan-query: http.favicon.hash:-82958153
TemplateMan Update [Fri Jun 7 10:04:28 UTC 2024] :robot:
2024-06-07 10:04:29 +00:00
fofa-query:
- app="ScreenConnect-Remote-Support-Software"
- app="screenconnect-remote-support-software"
- icon_hash=-82958153
zoomeye-query:
- app:"ScreenConnect Remote Management Software"
- app:"screenconnect remote management software"
hunter-query:
- app.name="ConnectWise ScreenConnect software"
- app.name="connectwise screenconnect software"
add kev tag
2024-02-24 10:19:04 +00:00
tags: cve,cve2024,screenconnect,connectwise,auth-bypass,kev
fix matcher
2024-02-21 10:58:31 +00:00
variables:
string: "{{rand_text_alpha(10)}}"
Create screenConnect-authentication-bypass.yaml
2024-02-21 10:41:25 +00:00
http:
- method: GET
path:
fix matcher
2024-02-21 10:58:31 +00:00
- "{{BaseURL}}/SetupWizard.aspx/{{string}}"
Create screenConnect-authentication-bypass.yaml
2024-02-21 10:41:25 +00:00
matchers-condition: and
matchers:
- type: word
part: body
words:
fix matcher
2024-02-21 10:58:31 +00:00
- "SetupWizardPage"
- "ContentPanel SetupWizard"
Create screenConnect-authentication-bypass.yaml
2024-02-21 10:41:25 +00:00
condition: and
- type: status
status:
- 200
extractors:
- type: kval
part: header
kval:
- Server
Auto Template Signing [Sat Jun 8 16:02:16 UTC 2024] :robot:
2024-06-08 16:02:17 +00:00
# digest: 4a0a00473045022100bfab58b6db75722dda3352ea196c86075bdddc52baef061222e5e92ce305611002202d979aeba25d39e47d69411d8ccd3ce5cd62a9fbdd84f614c4092ae750d64658:922c64590222798bb761d5b6d8e72950