1731 matches found
Metasploit Weekly Wrap-Up
2022 Vulnerability Intelligence Report Released Rapid7’s broader vulnerability research team released our 2022 Vulnerability Intelligence Report this week. The report includes Metasploit and research team data on exploitation, exploitability, and vulnerability profiles that are intended to help...
What’s New in InsightVM: Q3 2020 in Review
Here at Rapid7, we’re pretty proud of the work that goes into keeping InsightVM a leader in the vulnerability risk management space. We’re constantly investing in and improving InsightVM capabilities so our customers have no trouble seeing and proving value. That said, here’s our roundup of the n...
Patch Tuesday - August 2024
Microsoft is addressing 88 vulnerabilities this August 2024 Patch Tuesday. Microsoft has evidence of in-the-wild exploitation and/or public disclosure for ten of the vulnerabilities published today, which is significantly more than usual. At time of writing, all six of the known-exploited...
Patch Tuesday - June 2023
It’s June, and it’s Patch Tuesday. The volume of fixes this month is typical compared with recent history: 94 in total including Edge-on-Chromium. For the first time in a while, Microsoft isn’t offering patches for any zero-day vulnerabilities, but we do get fixes for four critical Remote Code...
Patch Tuesday - June 2021
It is another low volume Patch Tuesday this month as Microsoft releases fixes for 50 vulnerabilities. This should not diminish the importance of speedily applying the updates. 6 of the vulnerabilities being patched this month are 0-days under active exploitation CVE-2021-31955, CVE-2021-31956,...
SaltStack Pre-Authenticated Remote Root (CVE-2020-16846 and CVE-2020-25592): What You Need to Know
What’s up? We start the November critical vulnerability season with a pair of CVEs—CVE-2020-16846 and CVE-2020-25592—that, when combined, can result in unauthenticated remote root access on a target system. SaltStack developers disclosed these weaknesses on Nov. 3, 2020 and have released patches...
CVE-2023-20198: Active Exploitation of Cisco IOS XE Zero-Day Vulnerability
On Monday, October 16, Cisco’s Talos group published a blog on an active threat campaign exploiting CVE-2023-20198, a “previously unknown” zero-day vulnerability in the web UI component of Cisco IOS XE software. IOS XE is an operating system that runs on a wide range of Cisco networking devices,...
Metasploit Wrap-Up
Advantech iView NetworkServlet Command Injection This week Shelby Pace has developed a new exploit module for CVE-2022-2143. This module uses an unauthenticated command injection vulnerability to gain remote code execution against vulnerable versions of Advantech iView software below 5.7.04.6469...
SolarWinds Patches Four New Vulnerabilities in Their Orion Platform
On Thursday, March 25, 2021, SolarWinds released fixes for four new vulnerabilities in their Orion platform, the most severe of which is an authenticated remote code execution flaw due to a JSON deserialization weakness. Fixes for these weaknesses are in Orion Platform 2020.2.5. Given the...
Metasploit Wrap-Up
Exploiting weak configurations Community contributor Graeme Robinson added two modules targeting insecurely configured API's, both of which lead to remote code execution. The first module exploits a lack of access control in Apache NiFi, which allows for the creation of an ExecuteProcess processo...
InsightVM Scanning: Demystifying SSH Credential Elevation
Written in collaboration with Jimmy Cancilla The credentials to log into the assets on the network are one of the most critical inputs that can be provided to a vulnerability assessment. In order to capture and report on the full risk of an asset, the scan engine must be able to access the asset ...
Metasploit Wrap-Up
Windows Server 2012 Fun Community contributor Erik Wynter added a local exploit module for a DLL hijacking vulnerability he discovered in Windows Server 2012. The TiWorker.exe process that runs as NT AUTHORITY\SYSTEM attempts to load SrClient.dll, which does not exist on the system. Because of...
Metasploit Weekly Wrap-Up
Taking a stroll down memory lane Tomcat Init Script Privilege Escalation Do you remember the issue with Tomcat init script that was originally discovered by Dawid Golunski back in 2016 that led to privilege escalation? This week's Metasploit release includes an exploit module for CVE-2016-1240 by...
Cisco Patches Recently Disclosed "sudo" Vulnerability (CVE-2021-3156) in Multiple Products
While Punxsutawney Phil may have said we only have six more weeks of winter, the need to patch software and hardware weaknesses will, unfortunately, never end. Cisco has released security updates to address vulnerabilities in most of their product portfolio, some of which may be exploited to gain...
Metasploit Weekly Wrap-Up
Have you built out that awesome media room? If your guilty pleasures include using a mobile device to make your home entertainment system WOW your guests, you might be using Unified Remote. I hope you are extra cautious about what devices you let on that WiFi network. A prolific community member...
CVE-2022-28810: ManageEngine ADSelfService Plus Authenticated Command Execution (Fixed)
On April 9, 2022, ManageEngine fixed CVE-2022-28810 with the release of ADSelfService Plus Build 6122. The vulnerability allowed the admin user to execute arbitrary operating system commands and potentially allowed partially authenticated Active Directory users to execute arbitrary operating syst...
Metasploit Weekly Wrap-Up
TeamCity authentication bypass and remote code execution This week’s Metasploit release includes a new module for a critical authentication bypass in JetBrains TeamCity CI/CD Server. All versions of TeamCity prior to version 2023.05.4 are vulnerable to this issue. The vulnerability was originally...
Patch Tuesday - April 2022
From Defender to Windows, Office to Azure, this month’s Patch Tuesday has a large swath of Microsoft’s portfolio getting vulnerabilities fixed. 119 CVEs were addressed today, not including the 26 Chromium vulnerabilities that were fixed in the Edge browser. One of these has been observed being...
[Security Nation] Jack Cable on Ransomwhere
!\Security Nation\ Jack Cable on Ransomwherehttps://blog.rapid7.com/content/images/2021/10/securitynationlogo--1-.jpg In this episode of Security Nation, Jen and Tod chat with Jack Cable, security architect at the Krebs Stamos Group, about Ransomwhere, a crowdsourced ransomware payment tracker...
Metasploit Wrap-Up
SuiteCRM Log File RCE First time Metasploit Framework contributor mcorybillington has added a new module for SuiteCRM versions 7.11.18 and below. This module takes advantage of the input validation being case sensitive, allowing for an authenticated user to rename the SuiteCRM log file to have an...
What’s New in InsightVM and Nexpose: Q2 2023 in Review
The past few weeks have been extraordinary for the global threat landscape with zero-day vulnerabilities like MOVEit CVE-2023-34362 and Barracuda’s Email Security Gateway ESG CVE-2023-2868. Rapid7’s security research team was one of the first to detect exploitation of Progress Software’s MOVEit...
CVE-2025-1094: PostgreSQL psql SQL injection (FIXED)
Rapid7 discovered a high-severity SQL injection vulnerability, CVE-2025-1094, affecting the PostgreSQL interactive tool psql. This discovery was made while Rapid7 was performing research into the recent exploitation of CVE-2024-12356 — an unauthenticated remote code execution RCE vulnerability th...
CVE-2023-27997: Critical Fortinet Fortigate Remote Code Execution Vulnerability
On June 9, 2023, Fortinet silently patched a purported critical remote code execution RCE vulnerability in Fortigate SSL VPN firewalls. According to Lexfo Security’s Charles Fol, who discovered the vulnerability, the flaw is heap-based and reachable pre-authentication. According to reports,...
CVE-2021-43287 Allows Pre-Authenticated Build Takeover of GoCD Pipelines
On October 26, 2021, open-source CI/CD solution GoCD released version 21.3.0, which included a fix for CVE-2021-43287, a critical information disclosure vulnerability whose exploitation allows unauthenticated attackers to leak configuration information, including build secrets and encryption keys...
Metasploit Wrap-Up
NSClient++ Community contributor Yann Castel has contributed an exploit module for NSClient++ which targets an authenticated command execution vulnerability. Users that are able to authenticate to the service as admin can leverage the external scripts feature to execute commands with SYSTEM level...
Metasploit Wrap-Up 03/08/2024
New module content 2 GitLab Tags RSS feed email disclosure Authors: erruquill and n00bhaxor Type: Auxiliary Pull request: 18821 contributed by n00bhaxor Path: gather/gitlabtagsrssfeedemaildisclosure AttackerKB reference: CVE-2023-5612 Description: This adds an auxiliary module that leverages an...
Metasploit Weekly Wrap-Up
Apache MQ and Three Cisco Modules in a Trenchcoat This week’s release has a lot of new content and features modules targeting two major recent vulnerabilities that got a great deal of attention: CVE-2023-46604 targeting Apache MQ resulting in ransomware deployment and CVE-2023-20198 targeting Cis...
Cloud Pentesting, Pt. 1: Breaking Down the Basics
The concept of cloud computing has been around for awhile, but it seems like as of late — at least in the penetration testing field — more and more customers are looking to get a pentest done in their cloud deployment. What does that mean? How does that look? What can be tested, and what’s out of...
Metasploit Weekly Wrap-Up
Log4Shell goodness Log4Shell made an unfortunate end to 2021 for many organizations, but it also makes for some great additions to Metasploit Framework. Contributors sempervictus, schierlm, righel, timwr and our very own Spencer McIntyre have collaborated to bring us a Log4Shell module that uses...
Sharing the Gifts of Cybersecurity – Or, a Lesson From My First Year Without Santa
Editor’s note: We had planned to publish our Hacky Holidays blog series throughout December 2021 – but then Log4Shell happened, and we dropped everything to focus on this major vulnerability that impacted the entire cybersecurity community worldwide. Now that it’s 2022, we’re feeling in need of...
Multiple Unauthenticated Remote Code Control and Execution Vulnerabilities in Multiple Cisco Products
What’s up? On Feb. 24, 2021, Cisco released many patches for multiple products, three of which require immediate attention by organizations if they are running affected systems and operating system/software configurations. They are detailed below: Cisco ACI Multi-Site Orchestrator Application...
State-Sponsored Threat Actors Target Security Researchers
This blog was co-authored by Caitlin Condon, VRM Security Research Manager, and Bob Rudis, Senior Director and Chief Security Data Scientist. On Monday, Jan. 25, 2021, Google’s Threat Analysis Group TAG published a blog on a widespread social engineering campaign that targeted security researcher...
Ransomware Campaign Compromising VMware ESXi Servers
On February 3, 2023, French web hosting provider OVH and French CERT issued warnings about a ransomware campaign that was targeting VMware ESXi servers worldwide with a new ransomware strain dubbed “ESXiArgs.” The campaign appears to be leveraging CVE-2021-21974, a nearly two-year-old heap overfl...
CVE-2022-22977: VMware Guest Authentication Service LPE (FIXED)
A low-privileged local attacker can prevent the VMware Guest Authentication service VGAuthService.exe from running in a guest Windows environment and can crash this service, thus rendering the guest unstable. In some very contrived circumstances, the attacker can leak file content to which they d...
Metasploit Wrap-Up
GSoC Rocks! In a rare double whammy, one of our 2020 Google Summer of Code GSoC participants has authored a PR containing both enhancements & a new module! Improvements to our SQL injection library now allow PostgreSQL injection, and this new functionality has been verified with both a test modul...
CVE-2024-0204: Critical Authentication Bypass in Fortra GoAnywhere MFT
On January 22, 2024, Fortra published a security advisory on CVE-2024-0204, a critical authentication bypass affecting its GoAnywhere MFT secure managed file transfer product prior to version 7.4.1. The vulnerability is remotely exploitable and allows an unauthorized user to create an admin user...
CVE-2023-22515: Zero-Day Privilege Escalation in Confluence Server and Data Center
On October 4, 2023, Atlassian published a security advisory on CVE-2023-22515, a critical vulnerability affecting on-premises instances of Confluence Server and Confluence Data Center. CVE-2023-22515 was originally announced as a privilege escalation vulnerability, but was later changed to a brok...
Metasploit Weekly Wrap-Up 03/29/2024
PHP code execution and Oversharepoint Here in the Northern Hemisphere, Spring is in the air: flowers, bees, pollen… a new Metasploit 6.4 release, and now, fresh on the heels of this new release is a bountiful crop of exploits, features, and bug-fixes. Leading the pack is a pair of 2024 PHP code...
CVE-2023-2868: Total Compromise of Physical Barracuda ESG Appliances
Rapid7 incident response teams are investigating exploitation of physical Barracuda Networks Email Security Gateway ESG appliances dating back to at least November 2022. As of June 6, 2023, as part of an ongoing product incident response, Barracuda is urging ESG customers to immediately...
CVE-2023-22374: F5 BIG-IP Format String Vulnerability
While following up our previous work on F5's BIG-IP devices, Rapid7 found an additional vulnerability in the appliance-mode REST interface; the vulnerability was assigned CVE-2023-22374. We reported it to F5 on December 6, 2022, and are now disclosing it in accordance with our vulnerability...
Metasploit Weekly Wrap-Up
See something say something Have an idea on how to expand on Metasploit Documentation on ? Did you see a typo or some other error on the docs site? Thanks to adfoster-r7, submitting an update to the documentation is as easy as clicking the 'Edit this page on GitHub' link on the page you want to...
Overview of Content Security Policies (CSPs) on the Web
A Content Security Policy is a protocol that allows a site owner to control what resources are loaded on a web page by the browser, and how those resources may be loaded. This protocol was developed primarily to mitigate the impact of cross-site scripting XSS vulnerabilities. To understand exactl...
Critical CVEs in Outdated Versions of Atlassian Confluence and VMware vCenter Server
Rapid7 is highlighting two critical vulnerabilities in outdated versions of widely deployed software this week. Atlassian disclosed CVE-2023-22527, a template injection vulnerability in Confluence Server with a maxed-out CVSS score of 10, while VMware pushed a fresh update to its October 2023...
Zero-Day Exploitation of Ivanti Connect Secure and Policy Secure Gateways
Information on these vulnerabilities has evolved considerably since this blog was originally published on January 11, 2024. Customers should refer to Ivanti's two advisories, KB article, and recovery guidance for the latest updates. On Wednesday, January 10, 2024, Ivanti disclosed two zero-day...
Nearly 19,000 ESXi Servers Still Vulnerable to CVE-2021-21974
Last week, multiple organizations issued warnings that a ransomware campaign dubbed “ESXiArgs” was targeting VMware ESXi servers, allegedly by leveraging CVE-2021-21974—a nearly two-year-old heap overflow vulnerability. Two years. And yet, Rapid7 research has found that a significant number of ES...
Metasploit Weekly Wrap-Up
Pre-authenticated Remote Code Execution in VMware NSX Manager using XStream CVE-2021-39144 There’s nothing quite like a pre-authenticated remote code execution vulnerability in a piece of enterprise software. This week, community contributor h00die-gr3y added a module that targets VMware NSX...
FLEXlm and Citrix ADM Denial of Service Vulnerability
Note: Updated October 20, 2022 to clarify that this bypasses CVE-2022-27512 and not CVE-2022-27511, which has a different root cause. On June 27, 2022, Citrix released an advisory for CVE-2022-27511 and CVE-2022-27512, which affect Citrix ADM Application Delivery Management. Rapid7 investigated...
Metasploit Wrap-Up
Telemetry is for gathering data, not executing commands as root, right?... This week's highlight is a new exploit module by our own wvu for VMware vCenter Server CVE-2021-22005, a file upload vuln that arises from a flaw in vCenter’s analytics/telemetry service, which is enabled by default...
Critical Vulnerabilities in WS_FTP Server
On September 27, 2023, Progress Software published a security advisory on multiple vulnerabilities affecting WSFTP Server, a secure file transfer solution. There are a number of vulnerabilities in the advisory, two of which are critical CVE-2023-40044 and CVE-2023-42657. Our research team has...
Metasploit Weekly Wrap-Up
ProxyNotShell This week's Metasploit release includes an exploit module for CVE-2022-41082, AKA ProxyNotShell by DA-0x43-Dx4-DA-Hx2-Tx2-TP-S-Q, Orange Tsai, Piotr Bazydło, Rich Warren, Soroush Dalili, and our very own Spencer McIntyre. The vulnerability CVE-2022-41082, AKA ProxyNotShell is a...