CVE-2024-41570

Published: Aug 12, 2024Modified: Aug 29, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

An Unauthenticated Server-Side Request Forgery (SSRF) in demon callback handling in Havoc 2 0.7 allows attackers to send arbitrary network traffic originating from the team server.

Affected (1)

Products: Havocframework: Havoc

Havocframework

1 product

Havoc

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Havocframework Havoc	All versions

Related CWEs

CWE-918

Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

References (1)

https://blog.chebuya.com/posts/server-side-request-forgery-on-havoc-c2/

Source: cve@mitre.org

ExploitThird Party Advisory

Timeline

No history available yet.