National Cyber Warfare Foundation (NCWF) Forums


Metasploit Weekly Wrap-Up 7/19/2024


2024-07-19 16:46:35
milo
Red Team (CNA)

A new unauthenticated RCE exploit for GeoServer, plus library and Meterpreter updates and enhancements.

GeoServer Unauthenticated RCE



This week, contributor h00die-gr3y added an interesting exploit module that targets the GeoServer open-source application. This software is used to view, edit, and share geospatial data. Versions prior to 2.23.6, versions between 2.24.0 and 2.24.3, and versions between 2.25.0 and 2.25.1 unsafely evaluate property names as XPath expressions, which can lead to unauthenticated remote code execution. This vulnerability is identified as CVE-2024-36401 and affects all GeoServer instances. It has been confirmed to be exploitable through WFS GetFeature, WFS GetPropertyValue, WMS GetMap, WMS GetFeatureInfo, WMS GetLegendGraphic, and WPS Execute requests.
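For patch triage, the affected ranges listed above can be checked against an asset inventory. The following is an added example, not code from Rapid7 or the Metasploit module; it assumes the "between" bounds are inclusive, that version strings come from your own inventory, and the host names are constructed.

```ruby
require 'rubygems' # Gem::Version and Gem::Requirement ship with Ruby

# Affected ranges for CVE-2024-36401 as stated in the wrap-up.
# Assumption: the "between" bounds are inclusive.
AFFECTED = [
  Gem::Requirement.new('< 2.23.6'),
  Gem::Requirement.new('>= 2.24.0', '<= 2.24.3'),
  Gem::Requirement.new('>= 2.25.0', '<= 2.25.1')
].freeze

# Only plain release strings (e.g. "2.24.3") are classified automatically.
# Snapshots, release candidates and blanks fall through to manual review.
RELEASE = /\A\d+\.\d+(\.\d+)?\z/

# Returns :affected, :not_affected or :unknown for one version string.
def geoserver_status(version)
  v = version.to_s.strip
  return :unknown unless v.match?(RELEASE)

  gv = Gem::Version.new(v)
  AFFECTED.any? { |req| req.satisfied_by?(gv) } ? :affected : :not_affected
end

# Groups a { host => version } inventory by status.
def triage(inventory)
  result = Hash.new { |h, k| h[k] = [] }
  inventory.each { |host, ver| result[geoserver_status(ver)] << host }
  result
end

# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE = {
  'gis-a.example.internal' => '2.23.5',
  'gis-b.example.internal' => '2.24.4',
  'gis-c.example.internal' => '2.25.1',
  'gis-d.example.internal' => '2.25-SNAPSHOT'
}.freeze

if __FILE__ == $PROGRAM_NAME
  triage(SAMPLE).each { |status, hosts| puts "#{status}: #{hosts.join(', ')}" }
end
```

Hosts reported as `unknown` run a build that cannot be compared safely by string alone and should be checked by hand.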


New module content (1)


GeoServer Unauthenticated Remote Code Execution


Authors: Steve Ikeoka, h00die-gr3y, and jheysel-r7

Type: Exploit

Pull request: #19311 contributed by h00die-gr3y

Path: multi/http/geoserver_unauth_rce_cve_2024_36401

AttackerKB reference: CVE-2024-36401


Description: This adds an exploit module for CVE-2024-36401, an unauthenticated RCE vulnerability in GeoServer versions prior to 2.23.6, between versions 2.24.0 and 2.24.3, and in versions 2.25.0 and 2.25.1.


Enhancements and features (1)



  • #19325 from pmauduit - Updates the TARGETURI description for the geoserver_unauth_rce_cve_2024_36401 module.


Bugs fixed (3)



  • #19322 from dledda-r7 - This fixes an issue that was causing some Meterpreters to consume large amounts of memory when configured with an HTTP or HTTPS transport that was unable to connect.

  • #19324 from adfoster-r7 - This updates the rpc_session library such that RPC-compatible modules are able to handle unknown sessions, i.e. rpc.call('session.compatible_modules', -1).

  • #19327 from dledda-r7 - This bumps the version of metasploit_payloads-mettle to pull in changes for the Linux and OS X Meterpreters. The changes fix an issue which prevented the sniffer extension from loading.


Documentation


You can find the latest Metasploit documentation on our docsite at docs.metasploit.com.


Get it


As always, you can update to the latest Metasploit Framework with msfupdate and you can get more details on the changes since the last blog post from GitHub:



If you are a git user, you can clone the Metasploit Framework repo (master branch) for the latest. To install fresh without using git, you can use the open-source-only Nightly Installers or the commercial edition Metasploit Pro.




Source: Rapid7
Source Link: https://blog.rapid7.com/2024/07/19/metasploit-weekly-wrap-up-7-19-2024/

