CVERadar

CVE-2024-41570

Critical Severity
Havocframework
SVRS: 94/100
CVSSv3: 9.8/10
EPSS: 0.5241/1

CVE-2024-41570: Unauthenticated Server-Side Request Forgery (SSRF) vulnerability in Havoc 2 0.7. This allows attackers to send arbitrary network traffic originating from the team server. The SVRS score of 94 indicates a critical vulnerability requiring immediate action. Attackers can exploit this flaw to potentially access internal resources, bypass security controls, or launch further attacks using the team server as a proxy. The existence of active exploits "In The Wild" heightens the urgency. The combination of a high CVSS score (9.8) and SVRS score indicates significant risk. Address CVE-2024-41570 immediately to prevent unauthorized access and mitigate potential damage from malicious actors.

In The Wild
Exploit Available
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2024-08-12

2024-08-29
SOCRadar
AI Insight

Description

CVE-2024-41570 is an unauthenticated Server-Side Request Forgery (SSRF) vulnerability in Havoc 2 0.7. This vulnerability allows attackers to send arbitrary network traffic originating from the team server. The CVSS score is 9.8, indicating a critical severity level. However, the SOCRadar Vulnerability Risk Score (SVRS) is 40, suggesting a moderate risk. This discrepancy is due to the SVRS's incorporation of additional vulnerability intelligence elements, such as social media and dark web data, which indicate a lower level of immediate threat.

Key Insights

  • Unauthenticated Access: This vulnerability can be exploited without requiring any authentication, making it easier for attackers to compromise systems.
  • Arbitrary Network Traffic: Attackers can use this vulnerability to send arbitrary network traffic, allowing them to exfiltrate sensitive data, launch denial-of-service attacks, or pivot to other systems within the network.
  • Active Exploits: Active exploits have been published for this vulnerability, indicating that attackers are actively exploiting it in the wild.
  • CISA Warning: The Cybersecurity and Infrastructure Security Agency (CISA) has warned of this vulnerability, calling for immediate and necessary measures to mitigate the risk.

Mitigation Strategies

  • Update Software: Apply the latest software updates from the vendor to patch the vulnerability.
  • Restrict Network Access: Implement network segmentation and firewall rules to restrict access to vulnerable systems from untrusted networks.
  • Monitor Network Traffic: Monitor network traffic for suspicious activity, such as unusual outbound connections or data exfiltration attempts.
  • Use Web Application Firewalls (WAFs): Deploy WAFs to block malicious requests and protect against SSRF attacks.

Additional Information

  • Threat Actors/APT Groups: No specific threat actors or APT groups have been identified as actively exploiting this vulnerability.
  • Exploit Status: Active exploits have been published.
  • CISA Warnings: CISA has issued a warning for this vulnerability.
  • In The Wild: The vulnerability is actively exploited by hackers.


Indicators of Compromise

No IOCs found for this CVE

Exploits

Title | Software Link | Date
chebuya/Havoc-C2-SSRF-poc | https://github.com/chebuya/Havoc-C2-SSRF-poc | 2024-07-13
thisisveryfunny/CVE-2024-41570-Havoc-C2-RCE | https://github.com/thisisveryfunny/CVE-2024-41570-Havoc-C2-RCE | 2025-01-19
sebr-dev/Havoc-C2-SSRF-to-RCE | https://github.com/sebr-dev/Havoc-C2-SSRF-to-RCE | 2025-01-21
kit4py/CVE-2024-41570 | https://github.com/kit4py/CVE-2024-41570 | 2025-01-21
0xLynk/CVE-2024-41570-POC | https://github.com/0xLynk/CVE-2024-41570-POC | 2025-01-24

News

No news found for this CVE

Social Media

The unauthenticated SSRF vulnerability affecting Havoc C2 has been assigned CVE-2024-41570 (https://t.co/loK3dr47y1) To hotpatch your teamserver: 1) Navigate to the Havoc directory 2) Run the command sed -i '/case COMMAND_SOCKET:/,/return true/d' teamserver/pkg/agent/agent.go

Affected Software

Configuration 1
Type | Vendor | Product
App | Havocframework | havoc

References

Reference | Link
[email protected] | https://blog.chebuya.com/posts/server-side-request-forgery-on-havoc-c2/
GITHUB | https://blog.chebuya.com/posts/server-side-request-forgery-on-havoc-c2/

CWE Details

CWE ID | CWE Name | Description
CWE-918 | Server-Side Request Forgery (SSRF) | The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
