9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.8 High
EPSS
Percentile
97.8%
Party hard just like itβs Mardi Gras! bwatters-r7 delivered the dance moves this week with a masterful performance. The windows/http/moveit_cve_2023_34362
module is available for all your party needs, taking advantage of CVE-2023-34362, this module gets into the MOVEit
database and nets shells to help you "Keep on jumpinβ off the floor"!
Authors: bwatters-r7, rbowes-r7, and sfewer-r7
Type: Exploit
Pull request: #18100 contributed by bwatters-r7
AttackerKB reference: CVE-2023-34362
Description: Adds a new module targeting the MOVEit Transfer web application that allows an unauthenticated attacker to gain access to MOVEit Transferβs database.
auxiliary/admin/dcerpc/icpr_cert
module to issue certificates for an explicit SID by specifying it within the NTDS_CA_SECURITY_EXT
. This addition ensures that ESC1 will remain exploitable when issuing certificates with an SID becomes a requirement.loadpath test/modules
.test/file
module. This module is useful for developers contributing enhancements or new functionality to Meterpreter and other payloads. It is available after running loadpath test/modules
.test/railgun_reverse_lookup
tests for macOS and Linux.windows/meterpreter/reverse_tcp
where there was a small chance of an invalid stager being created.test/extapi
module. The module was facing issues returning clipboard data that pertained to the session being tested, this issue has been resolved. This module is useful for developers contributing enhancements or new functionality to Meterpreter and other payloads. It is available after running loadpath test/modules
.You can find the latest Metasploit documentation on our docsite at docs.metasploit.com.
As always, you can update to the latest Metasploit Framework with msfupdate
and you can get more details on the changes since the last blog post from
GitHub:
If you are a git
user, you can clone the Metasploit Framework repo (master branch) for the latest.
To install fresh without using git, you can use the open-source-only Nightly Installers or the
binary installers (which also include the commercial edition).
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.8 High
EPSS
Percentile
97.8%