What is CVE-2024-45256?

CVE-2024-45256 is a vulnerability in N/a. Published 2024-08-26.

Is CVE-2024-45256 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2024-45256

An arbitrary file write issue in the exfiltration endpoint in BYOB (Build Your Own Botnet) 2.0 allows attackers to overwrite SQLite databases and bypass authentication via an unauthenticated HTTP request with a crafted parameter. This occu…

EPSS: 0.509 (97.9th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

rapid7/metasploit-framework

References

github.com/malwaredllc/byob
blog.chebuya.com/posts/unauthenticated-remote-command-execution-on-byob/
github.com/chebuya/exploits/tree/main/BYOB-RCE

Frequently asked questions

What is CVE-2024-45256?: CVE-2024-45256 is a vulnerability in N/a. Published 2024-08-26.
Is CVE-2024-45256 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.