8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.692 Medium
EPSS
Percentile
97.5%
Smashery continues to… smash it by updating our .NET assembly execution module. The original module allowed users to run a .NET exe as a thread within a process they created on a remote host. Smashery’s improvements let users run the executable within a thread of the process hosting Meterpreter and also changed the I/O for the executing thread to support pipes, allowing interaction with the spawned .NET thread, even when the other process has control over STDIN and STDOUT. The changes add more stealth, better I/O, more injection options, and reliability improvements.
We’re hiring a Security Researcher to develop high-quality modules and produce research that continues to inspire contributions and interest from a growing community. This role can be based on any of the following Rapid7 Offices: Austin TX, Boston MA, Arlington V, Boston MA, Tampa FL, Dublin, or our new Prague office! Seniority level is also flexible depending on experience and team fit.
Authors: Jari Jääskelä and RedWay Security
Type: Exploit
Pull request: #18134 contributed by heyder
AttackerKB reference: CVE-2023-25194
This PR adds a module which exploits CVE-2023-25194, an unauthenticated deserialization vulnerability which leads to RCE in Apache Druid.
post/windows/manage/execute_dotnet_assembly
module to allow it to run the .NET assembly within the current process. The module can now also read the output from all injection techniques.execute_dotnet_assembly
module’s ability to correctly identify the signature of the main method. Users no longer need to know and specify it themselves.jenkins_gather
module to work with newer version of Jenkins.getuid
command within a Windows Python Meterpreter has been fixed.You can find the latest Metasploit documentation on our docsite at docs.metasploit.com.
As always, you can update to the latest Metasploit Framework with msfupdate
and you can get more details on the changes since the last blog post from
GitHub:
If you are a git
user, you can clone the Metasploit Framework repo (master branch) for the latest.
To install fresh without using git, you can use the open-source-only Nightly Installers or the
binary installers (which also include the commercial edition).
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.692 Medium
EPSS
Percentile
97.5%