CVSS3: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
AI Score Confidence: Low
EPSS Percentile: 99.3%
This release features two new exploits targeting old friends: Confluence and Ivanti. CVE-2024-21683 is a very easy vulnerability to exploit, but as pointed out in the AttackerKB Review, it requires authentication as a "Confluence Administrator." On the other hand, CVE-2024-29824 is an unauthenticated SQL Injection in Ivanti Endpoint Manager up to version 2022 SU5 that results in code execution as the NT Service user.
Authors: Ankita Sawlani, Huong Kieu, W01fh4cker, and remmons-r7
Type: Exploit
Pull request: #19314 contributed by remmons-r7
Path: multi/http/atlassian_confluence_rce_cve_2024_21683
AttackerKB reference: CVE-2024-21683
Description: This adds an exploit for CVE-2024-21683 which is an authenticated RCE in Atlassian Confluence affecting all versions prior to 7.17 and many versions up to 8.9.0.
Authors: Christophe De La Fuente and James Horseman
Type: Exploit
Pull request: #19274 contributed by cdelafuente-r7
Path: windows/http/ivanti_epm_recordgoodapp_sqli_rce
CVE reference: ZDI-24-507
Description: This adds an exploit for CVE-2024-29824, which is unauthenticated SQLi in Ivanti Endpoint Manager 2022 SU5 and prior which can be used to obtain RCE.
You can always find more documentation on our docsite at docs.metasploit.com.
As always, you can update to the latest Metasploit Framework with msfupdate and you can get more details on the changes since the last blog post from GitHub:
If you are a git user, you can clone the Metasploit Framework repo (master branch) for the latest.
To install fresh without using git, you can use the open-source-only Nightly Installers or the commercial edition Metasploit Pro.