s4mb4sh (2)

Last Login: August 11, 2024

Assessments

Score

s4mb4sh's Latest (2) Contributions

Sort by:

Filter by:

s4mb4sh replied to ccondon-r7's assessment of CVE-2024-6387

July 12, 2024 11:06am UTC (2 months ago)•Edited 1 month ago

Check it out, Santander’s team investigation, analysed on fake SSH exploits POC.

https://santandersecurityresearch.github.io/blog/sshing_the_masses

s4mb4sh assessed CVE-2024-38023

July 11, 2024 1:33pm UTC (2 months ago)

Ratings

Attacker Value

Medium

Exploitability

High

Easy to weaponize Vulnerable in default configuration Authenticated

Technical Analysis

This vulnerability also requires authentication, but any SharePoint user with Site Owner permissions can hit it. However, the default configuration of SharePoint allows authenticated users to create sites. That’s why I disagree with Microsoft’s CVSS rating here. By changing “Privileges Required” to low instead of high, it takes it from a 7.2 to (IMHO) more accurate 8.8

The POC disclosed shows up the easy exploitation despite to be authenticated.

This site uses cookies for anonymized analytics. For more information or to change your cookie settings, view our Cookie Policy.

s4mb4sh (2)

Last Login: August 11, 2024

s4mb4sh's Latest (2) Contributions

Ratings

Technical Analysis

Quick Cookie Notification