CVSS3: 10 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CVSS2: 9.3 High
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Image Credit: https://upload.wikimedia.org/wikipedia/commons/c/c7/Logs.jpg without change
The Log4j loop continues as we release a module targeting vulnerable vCenter releases. This is a good time to suggest that you check your vCenter releases and maybe even increase the protection surrounding them, as it’s been a rough year-plus for vCenter.
bcoles sent us a module that targets Grandstream GXV3175IP phones and allows remote code execution. It’s always fun to get a shell on a phone.
phonecookie cookie is parsed, after which a command injection vulnerability in the ‘settimezone’ action’s ‘timezone’ parameter is exploited to gain RCE as the root user.

post/multi/manage/sudo module has been enhanced to print out a warning message and exit early if the session type that is trying to be upgraded via sudo is Meterpreter, since Meterpreter does not support sudo elevation at present.

normalize function of lib/msf/core/opt_path.rb whereby the path parameter passed in wasn’t checked to see if it was empty prior to calling File.expand_path on it. In these cases the path returned would be that of the current directory, which could lead to unexpected results. This has been fixed with improved validation to ensure that the path parameter is not an empty string prior to expanding the path.

local_admin_search_enum module whereby a typo was causing the module to crash on an undefined variable. The typo has been corrected and the module now accesses the correct variable.

As always, you can update to the latest Metasploit Framework with msfupdate and you can get more details on the changes since the last blog post from GitHub:

If you are a git user, you can clone the Metasploit Framework repo (master branch) for the latest. To install fresh without using git, you can use the open-source-only Nightly Installers or the binary installers (which also include the commercial edition).
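The empty-path behaviour described above for the normalize function of lib/msf/core/opt_path.rb can be reproduced with plain Ruby. The following is an added example, not Metasploit's own code: the helper names (normalize_unchecked, normalize_checked, valid_path?, demo) and the sample relative path are hypothetical, and treating nil the same as an empty string is an assumption of this sketch.

```ruby
require 'tmpdir'

# Hypothetical helpers for illustration; this is not the OptPath source.

# "Before" form: expands whatever it is given, including an empty string.
def normalize_unchecked(value)
  File.expand_path(value)
end

# "After" form: nil and empty values are treated as "not set" and returned
# as nil instead of being expanded (nil handling is an assumption here).
def normalize_checked(value)
  return nil if value.nil? || value.to_s.empty?
  File.expand_path(value.to_s)
end

# Option-style validation: an unset optional path is acceptable, a set path
# must exist on disk.
def valid_path?(value, required: false)
  path = normalize_checked(value)
  return !required if path.nil?
  File.exist?(path)
end

# Runs both forms from inside a constructed working directory and returns
# the results so the difference can be inspected.
def demo
  Dir.mktmpdir('optpath-demo') do |dir|
    Dir.chdir(dir) do
      {
        cwd: Dir.pwd,
        # An empty string silently becomes the current directory...
        unchecked_empty: normalize_unchecked(''),
        # ...and therefore passes a naive existence check.
        unchecked_empty_exists: File.exist?(normalize_unchecked('')),
        checked_empty: normalize_checked(''),
        checked_relative: normalize_checked('loot/creds.txt'), # constructed sample
        empty_required_valid: valid_path?('', required: true),
        empty_optional_valid: valid_path?('', required: false)
      }
    end
  end
end

demo.each { |key, value| puts "#{key}: #{value.inspect}" } if __FILE__ == $PROGRAM_NAME
```

The unchecked form is the risky one for file-handling options: an empty value resolves to a real, existing directory, so downstream code has no way to tell "unset" from "the working directory".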