Lucene search

K
cve[email protected]CVE-2017-5228
HistoryMar 02, 2017 - 8:59 p.m.

CVE-2017-5228

2017-03-0220:59:00
CWE-22
web.nvd.nist.gov
19
rapid7
metasploit
cve-2017-5228
directory traversal
vulnerability

5.1 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

7.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L

6.9 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

54.7%

All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter stdapi Dir.download() function. By using a specially-crafted build of Meterpreter, it is possible to write to an arbitrary directory on the Metasploit console with the permissions of the running Metasploit instance.

Affected configurations

NVD
Node
rapid7metasploitRange4.13.19

CNA Affected

[
  {
    "product": "Metasploit",
    "vendor": "Rapid7",
    "versions": [
      {
        "status": "affected",
        "version": "All versions prior to version 4.13.0-2017020701"
      }
    ]
  }
]

5.1 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

7.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L

6.9 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

54.7%

Related for CVE-2017-5228