# CVE-2024-47575-POC
CVE-2024-47575: Critical Remote Code Execution (RCE) Vulnerability in VMware Horizon
--------------------------------------------------------------------------------------
**Description:** CVE-2024-47575 is a high-severity vulnerability affecting VMware Horizon. This issue exists due to insufficient validation of inputs within Horizon's API processing framework, which allows a remote attacker with network access to inject and execute arbitrary code on the server. This could lead to unauthorized system compromise, granting attackers the ability to control sensitive data or deploy additional malicious actions.

**Issue**
CVE-2024-47575 is a critical security flaw resulting from a lack of input validation in VMware Horizon's API. This weakness can be exploited by sending malicious requests, enabling unauthorized access and code execution on affected systems.
------------------------------------------------------------------------------------
**Private Exploit (Limited to 10 Hands)**
**Access exploit via private sale:**
[**Download**](https://satoshidisk.com/pay/CMkgSC)
------------------------------------------------------------------------------------
**Cause:** Insufficient input validation in Horizon's API processing.
**Impact:** Grants attackers unauthorized access, potentially leading to system compromise.
**Resolution:** VMware recommends updating to the latest patched version and monitoring for abnormal network activity.

**Exploit Instructions**

**Prepare the Target:** Verify the target is running a vulnerable version of VMware Horizon.

**Clone the Exploit:** Download exploit_vuln47575.py from the private repository.

**Execute Command:** Run arbitrary commands on the target system by executing:

```
python exploit_vuln47575.py -h <target_ip> -p <target_port> -c '<command>'
```

**Example:**

```
python exploit_vuln47575.py -h 192.168.1.15 -p 443 -c 'uname -a'
```

**Optional Flags:**

-t: Set a custom timeout (default: 10 seconds)

-r: Retry if the initial exploit attempt fails

**Sample Command:**

```
python exploit_vuln47575.py -h 10.0.0.5 -p 443 -c 'whoami' -t 5 -r
```

**Post-Exploitation:**
If successful, the command output will be displayed in the terminal.
Additional commands can be chained for privilege escalation or data extraction as needed.

**Contact Information**
For inquiries or additional details, please contact **groshi@thesecure.biz.**