Add detection for CVE-2024-8956 and CVE-2024-8957 #131

Closed
wants to merge 6 commits into from

nmasdoufi-ol
Contributor

Agent Asteroid Implementation for CVE-2024-8956 and CVE-2024-8957

Summary

This pull request introduces detection and exploitation support for two critical vulnerabilities in the ValueHD PTZ Camera firmware below version 6.3.40:

Both vulnerabilities are cataloged as CRITICAL due to their potential impact on device security.

Changes

  1. Detection Mechanisms:

    • Authentication Bypass: Detects bypass vulnerability by checking for vulnerable firmware versions on the /cgi-bin/param.cgi?get_device_conf endpoint.
    • Command Injection: Attempts to execute a command by injecting code into the NTP configuration on the /cgi-bin/param.cgi?post_network_other_conf endpoint.
    • Accept Pattern: Matches against versioninfo="SOC v\d+\.\d+\.\d+ to confirm firmware version compatibility.
    • Version Validation: Checks if the firmware version is below 6.3.40, marking it as vulnerable if true.
  2. Metadata Adjustments:

    • Added reference field to support both str and list[str] types for better handling of multiple CVE references.
  3. Enhancements in webexploit.py:

    • Improved _create_vulnerability() method to support multiple references.
    • Added detailed NVD links for each CVE reference, enabling quick access to official CVE details.
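
The version check described in the PR description above, as an added example (not code from this pull request or the Agent Asteroid project). It applies the accept pattern quoted above with capture groups added and compares the result numerically against 6.3.40; the helper names `parse_firmware_version` and `is_vulnerable` and the response bodies are constructed for illustration.

```python
import re
from typing import Optional

# Accept pattern quoted in the PR description, with capture groups added
# for the three numeric fields.
VERSION_RE = re.compile(r'versioninfo="SOC v(\d+)\.(\d+)\.(\d+)')
FIXED_VERSION = (6, 3, 40)  # the PR treats firmware below 6.3.40 as vulnerable


def parse_firmware_version(body: str) -> Optional[tuple[int, ...]]:
    """Return (major, minor, patch) from a get_device_conf response body, or None."""
    match = VERSION_RE.search(body)
    if match is None:
        return None
    return tuple(int(part) for part in match.groups())


def is_vulnerable(body: str) -> Optional[bool]:
    """True/False when a version was found, None when the response does not match."""
    version = parse_firmware_version(body)
    if version is None:
        # Not this device family, or an unexpected response: report nothing.
        return None
    # Integer tuples compare field by field, so 6.3.9 < 6.3.40 holds.
    # Comparing the strings "6.3.9" and "6.3.40" would give the opposite answer.
    return version < FIXED_VERSION


# Constructed response bodies (hypothetical field layout, not captured from a device).
SAMPLES = {
    "old": 'devname="cam1"\nversioninfo="SOC v6.3.9 - ARM 6.3.9"\n',
    "fixed": 'devname="cam2"\nversioninfo="SOC v6.3.40"\n',
    "newer": 'versioninfo="SOC v7.0.1"\n',
    "other": "<html><body>404 Not Found</body></html>",
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(name, parse_firmware_version(body), is_vulnerable(body))
```

Returning `None` for a non-matching body keeps "not vulnerable" distinct from "could not tell", so an unrelated host is never reported either way.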


codecov bot commented Nov 5, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 96.35%. Comparing base (c842f73) to head (9102d50).

Additional details and impacted files
@@            Coverage Diff             @@
##             main     #131      +/-   ##
==========================================
+ Coverage   96.28%   96.35%   +0.06%     
==========================================
  Files         166      168       +2     
  Lines        5891     6001     +110     
==========================================
+ Hits         5672     5782     +110     
  Misses        219      219              


agent/asteroid_agent.py (outdated)
agent/definitions.py
@@ -53,7 +53,7 @@ class VulnerabilityMetadata:

title: str
description: str
reference: str
reference: str | list[str]
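
Review bot: On the `reference` field, the union `str | list[str]` makes every reader of `VulnerabilityMetadata.reference` branch on the type, and a caller that iterates without checking will walk a plain string character by character. Consider a single list-typed field (for example `references: list[str]`), with single-CVE definitions supplying a one-element list, and update the callers in the same change. The field name also stays singular while it can now hold several values.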
Member

Sorry, but this is not clean; we simply need to switch to references of list[str] only and change all the other code.
