9.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
9 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:C/I:C/A:C
This release has not one, two, or three, but FOUR authenticated Moodle exploit modules, or should I say moodules? H00die comes through again with not just modules, but also an artisanal, bespoke library to support further work. Two target the spell check functions in Moodle, one is a shell upload using administrative credentials, and one allows teachers to get ahead by declaring themselves administrators!
To get through networks, sometimes red teamers need to connect sessions and forward traffic through a βred networkβ of hosts to gain access to a target of interest on an interior network. Smashery has added features to the sessions and jobs information reporting that reflects the status of a forwarded connection and which sessions it is using for its connection. This helps users keep track of an already tricky [or treaty] situation juggling sessions and forwarded connections.
As always, you can update to the latest Metasploit Framework with msfupdate
and you can get more details on the changes since the last blog post from
GitHub:
If you are a git
user, you can clone the Metasploit Framework repo (master branch) for the latest.
To install fresh without using git, you can use the open-source-only Nightly Installers or the
binary installers (which also include the commercial edition).
[Modified] Image credit https://commons.wikimedia.org/wiki/File:Halloween_Jack-oβ-lantern.jpg
9.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
9 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:C/I:C/A:C