CVE-2024-41570

The affected software is Havoc 2, specifically version 0.7. This version is affected by an Unauthenticated Server-Side Request Forgery (SSRF) issue in demon callback handling, allowing attackers to send arbitrary network traffic from the team server, potentially leading to Remote Code Execution (RCE) and an automated reverse shell via WebSocket. An exploit is available to send arbitrary network traffic originating from the team server. A hotpatch is available for the teamserver, which can be applied by navigating to the Havoc directory and running a specific command.

The vulnerable software is Havoc 2, version 0.7. The issue can be exploited by sending a spoofed demon agent, allowing attackers to send arbitrary network traffic from the team server.

#Havoc #SSRF #RCE #CyberSecurity #Infosec #HavocC2 #Pentesting #cybersecurityawareness #hacker