Vulnerabilities — Tools

POC for CVE-2024-22734 Affecting AMCS Trux Software

, and Dark Web Informer - Cyber Threat Intelligence

2 December 2024 . 1:01 AM

1 min read

GitHub: https://github.com/securekomodo/CVE-2024-22734

CVE-2024-22734

Exploit PoC for CVE-2024-22734

This repository contains the exploit source Proof of Concept (PoC) for CVE-2024-22734, a vulnerability discovered by Bryan Smith of Redline Cyber Security. For detailed information about the vulnerability, please refer to our blog post: CVE-2024-22734: Exploit POC Write-Up.

Vulnerability Overview

CVE-2024-22734 is a critical security issue affecting AMCS Trux Software https://www.amcsgroup.com/solutions/enterprise-management/trux/. This vulnerability allows a local attacker to decrypt the credentials of the master database account due to the use of static hard-coded AES keys in the application's DLL structures.

Disclaimer

This PoC is provided for educational and research purposes only. Use of this PoC against unauthorized systems is strictly prohibited and may violate laws or agreements. The authors are not responsible for misuse or damages.