CVE-2024-41570

An Unauthenticated Server-Side Request Forgery (SSRF) in demon callback handling in Havoc 2 0.7 allows attackers to send arbitrary network traffic originating from the team server.
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:havocframework:havoc:-:*:*:*:*:*:*:*

History

29 Aug 2024, 13:32

Type Values Removed Values Added
References () https://blog.chebuya.com/posts/server-side-request-forgery-on-havoc-c2/ - () https://blog.chebuya.com/posts/server-side-request-forgery-on-havoc-c2/ - Exploit, Third Party Advisory
First Time Havocframework havoc
Havocframework
CPE cpe:2.3:a:havocframework:havoc:-:*:*:*:*:*:*:*
Summary
  • (es) Server-Side Request Forgery (SSRF) no autenticado en demon callback handling en Havoc 2 0.7 permite a los atacantes enviar tráfico de red arbitrario procedente del servidor del equipo.

13 Aug 2024, 01:14

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8
CWE CWE-918

12 Aug 2024, 13:41

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-12 13:38

Updated : 2024-08-29 13:32


NVD link : CVE-2024-41570

Mitre link : CVE-2024-41570

CVE.ORG link : CVE-2024-41570


JSON object : View

Products Affected

havocframework

  • havoc
CWE
CWE-918

Server-Side Request Forgery (SSRF)