
Metasploit Weekly Wrap-Up 07/12/2024

2024-07-12 14:33:24
Brendan Watters
blog.rapid7.com
metasploit
exploit
confluence
ivanti
cve-2024-21683
cve-2024-29824
sql injection
remote code execution
attackerkb
github
documentation
bug fixes

CVSS3: 8.8
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score: 8.6
Confidence: Low
EPSS: 0.944
Percentile: 99.3%

The Usual Suspects

This release features two new exploits targeting old friends: Confluence and Ivanti. CVE-2024-21683 is a very easy vulnerability to exploit, but as pointed out in the AttackerKB Review, it requires authentication as a 'Confluence Administrator'. On the other hand, CVE-2024-29824 is an unauthenticated SQL Injection in Ivanti Endpoint Manager up to version 2022 SU5 that results in code execution as the NT Service user.

New module content (2)

Atlassian Confluence Administrator Code Macro Remote Code Execution

Authors: Ankita Sawlani, Huong Kieu, W01fh4cker, and remmons-r7
Type: Exploit
Pull request: #19314 contributed by remmons-r7
Path: multi/http/atlassian_confluence_rce_cve_2024_21683
AttackerKB reference: CVE-2024-21683

Description: This adds an exploit for CVE-2024-21683, which is an authenticated RCE in Atlassian Confluence affecting all versions prior to 7.17 and many versions up to 8.9.0.

Ivanti EPM RecordGoodApp SQLi RCE

Authors: Christophe De La Fuente and James Horseman
Type: Exploit
Pull request: #19274 contributed by cdelafuente-r7
Path: windows/http/ivanti_epm_recordgoodapp_sqli_rce
CVE reference: ZDI-24-507

Description: This adds an exploit for CVE-2024-29824, which is an unauthenticated SQLi in Ivanti Endpoint Manager 2022 SU5 and prior that can be used to obtain RCE.

Bugs fixed (1)

  • #19312 from adfoster-r7 - Fixes a regression issue that caused the Mettle sniffer extension to not correctly load.

Documentation added (2)

  • #19301 from adeherdt-r7 - Updates the documentation for setting up developer environments to include running PostgreSQL in a Docker container.
  • #19315 from h00die - Removes duplicate wording from the setting up a developer environment documentation.

You can always find more documentation on our docsite at docs.metasploit.com.

Get it

As always, you can update to the latest Metasploit Framework with msfupdate, and you can get more details on the changes since the last blog post from GitHub.

If you are a git user, you can clone the Metasploit Framework repo (master branch) for the latest. To install fresh without using git, you can use the open-source-only Nightly Installers or the commercial edition Metasploit Pro.
