What is CVE-2024-41570?

CVE-2024-41570 is a vulnerability in N/a. Published 2024-08-09.

Is CVE-2024-41570 known to be exploited?

13 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2024-41570

An Unauthenticated Server-Side Request Forgery (SSRF) in demon callback handling in Havoc 2 0.7 allows attackers to send arbitrary network traffic originating from the team server.

EPSS: 0.741 (98.9th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

chebuya/Havoc-C2-SSRF-poc
HimmeL-Byte/CVE-2024-41570-SSRF-RCE
diemoeve/CVE-2024-41570
sebr-dev/Havoc-C2-SSRF-to-RCE
leo-mitch/CVE-2024-41570-Havoc-C2-RCE
thisisveryfunny/CVE-2024-41570-Havoc-C2-RCE
kit4py/CVE-2024-41570
nomi-sec/PoC-in-GitHub
Nicolas-Arsenault/Havoc-C2-RCE-2024
ARPSyndicate/cve-scores

References

blog.chebuya.com/posts/server-side-request-forgery-on-havoc-c2/

Frequently asked questions

What is CVE-2024-41570?: CVE-2024-41570 is a vulnerability in N/a. Published 2024-08-09.
Is CVE-2024-41570 known to be exploited?: 13 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.