Add detection for CVE-2024-8956 and CVE-2024-8957 #131
Codecov Report
All modified and coverable lines are covered by tests ✅
Additional details and impacted files
@@ Coverage Diff @@
## main #131 +/- ##
==========================================
+ Coverage 96.28% 96.35% +0.06%
==========================================
Files 166 168 +2
Lines 5891 6001 +110
==========================================
+ Hits 5672 5782 +110
Misses 219 219
☔ View full report in Codecov by Sentry.
@@ -53,7 +53,7 @@ class VulnerabilityMetadata: | |||
|
|||
title: str | |||
description: str | |||
reference: str | |||
reference: str | list[str] |
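Review bot: widening reference to str | list[str] on VulnerabilityMetadata means every reader of the field has to check which type it got, and code that loops over it will walk a plain str character by character. Use one type instead: make the field a list[str] (renamed to references), wrap existing single values in a one-element list, and update the callers in the same change.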
Sorry, but this is not clean; we simply need to switch to references of list[str] only and change all the other code.
Agent Asteroid Implementation for CVE-2024-8956 and CVE-2024-8957
Summary
This pull request introduces detection and exploitation support for two critical vulnerabilities in the ValueHD PTZ Camera firmware below version 6.3.40:
Both vulnerabilities are cataloged as CRITICAL due to their potential impact on device security.
Changes
Detection Mechanisms:
/cgi-bin/param.cgi?get_device_conf endpoint.
/cgi-bin/param.cgi?post_network_other_conf endpoint.
versioninfo="SOC v\d+\.\d+\.\d+ to confirm firmware version compatibility.
6.3.40, marking it as vulnerable if true.
Metadata Adjustments:
reference field to support both str and list[str] types for better handling of multiple CVE references.
Enhancements in webexploit.py:
_create_vulnerability() method to support multiple references.
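The firmware version check outlined in the description above, as an added example that is not code from this pull request: it applies the versioninfo pattern to a response body and compares the result numerically against 6.3.40. The function names, the capture groups added to the pattern and the sample bodies are assumptions made for illustration.

```python
from __future__ import annotations

import re

# Pattern from the PR description, with capture groups added (assumption)
# so the three numeric components can be compared as integers.
VERSION_RE = re.compile(r'versioninfo="SOC v(\d+)\.(\d+)\.(\d+)')

# Firmware below this version is treated as affected, per the PR summary.
FIXED_VERSION = (6, 3, 40)


def parse_firmware_version(body: str) -> tuple[int, ...] | None:
    """Return (major, minor, patch) found in a response body, or None."""
    match = VERSION_RE.search(body)
    if match is None:
        return None
    return tuple(int(part) for part in match.groups())


def is_vulnerable(body: str) -> bool | None:
    """True or False when a version is present; None when it is absent.

    None means "unknown" and must not be reported as "not vulnerable".
    """
    version = parse_firmware_version(body)
    if version is None:
        return None
    # Tuple comparison is numeric per component, so 6.3.9 sorts below 6.3.40
    # (a plain string comparison would get this wrong).
    return version < FIXED_VERSION


# Constructed sample bodies, not captured from a real device.
SAMPLES = {
    "older firmware": 'devname="cam1"\nversioninfo="SOC v6.3.33 - ARM 6.3.51"\n',
    "single-digit patch": 'versioninfo="SOC v6.3.9"\n',
    "fixed firmware": 'versioninfo="SOC v6.3.40"\n',
    "newer minor": 'versioninfo="SOC v6.10.0"\n',
    "no version field": "<html><body>401 Unauthorized</body></html>",
}

if __name__ == "__main__":
    for label, body in SAMPLES.items():
        print(f"{label}: version={parse_firmware_version(body)} "
              f"vulnerable={is_vulnerable(body)}")
```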