CVE-2017-5231

2017-03-02T15:59:00
ID CVE-2017-5231
Type cve
Reporter NVD
Modified 2017-03-20T21:59:02

Description

All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter stdapi CommandDispatcher.cmd_download() function. By using a specially-crafted build of Meterpreter, it is possible to write to an arbitrary directory on the Metasploit console with the permissions of the running Metasploit instance.