CVSS v3.1 base score: 9.8 (High)
Attack Vector: Network | Attack Complexity: Low | Privileges Required: None | User Interaction: None | Scope: Unchanged | Confidentiality Impact: High | Integrity Impact: High | Availability Impact: High
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
This week Shelby Pace has developed a new exploit module for CVE-2022-2143. This module uses an unauthenticated command injection vulnerability to gain remote code execution against vulnerable versions of Advantech iView software below 5.7.04.6469. The software runs as NT AUTHORITY\SYSTEM, granting the module user unauthenticated privileged access with relatively low effort. Version 5.7.04.6469 has been patched to require authentication, but remote code execution can still be achieved, gaining a shell as the LOCAL SERVICE user.
Our very own Jake Baines has contributed a new module which scans for the Cisco ASA ASDM landing page and performs login brute-force to identify valid credentials:
msf6 > use auxiliary/scanner/http/cisco_asa_asdm_bruteforce
msf6 auxiliary(scanner/http/cisco_asa_asdm_bruteforce) > set RHOST 10.9.49.201
RHOST => 10.9.49.201
msf6 auxiliary(scanner/http/cisco_asa_asdm_bruteforce) > set VERBOSE false
VERBOSE => false
msf6 auxiliary(scanner/http/cisco_asa_asdm_bruteforce) > run
[*] The remote target appears to host Cisco ASA ASDM. The module will continue.
[*] Starting login brute force...
[+] SUCCESSFUL LOGIN - "cisco":"cisco123"
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
msf6 auxiliary(scanner/http/cisco_asa_asdm_bruteforce) >
- The scripts/meterpreter/killav.rb script has been removed, since scripts have been deprecated for over 5 years. It has been replaced with post/windows/manage/killav.
- The scripts/meterpreter/panda_2007_pavsrv51.rb script has been removed and replaced by exploit/windows/local/service_permissions. Note that scripts have been deprecated for over 5 years and are no longer supported.
- The scripts/meterpreter/dumplinks.rb script has been removed; replace it with post/windows/gather/dumplink, which does pretty much the same thing but is a proper module rather than a deprecated script, since we stopped supporting scripts several years ago.
- The scripts/meterpreter/get_pidgin_creds.rb script has been removed, since scripts have been deprecated for some time now and are no longer supported. It has been replaced by post/multi/gather/pidgin_cred.
- The scripts/meterpreter/arp_scanner.rb script has been replaced with post/windows/gather/arp_scanner, which implements the same logic with an improved OUI database to help fingerprint the MAC vendor.
- Fixes a failure in the post/windows/manage/forward_pageant module caused by the removal of Dir::Tmpname.make_tmpname() in Ruby 2.5.0. This also makes some improvements to the code.

As always, you can update to the latest Metasploit Framework with msfupdate, and you can get more details on the changes since the last blog post from GitHub:

If you are a git user, you can clone the Metasploit Framework repo (master branch) for the latest. To install fresh without using git, you can use the open-source-only Nightly Installers or the binary installers (which also include the commercial edition).