rapid7blog | Jacquie Harris | RAPID7BLOG:023DBA8385F69EDF1967FA0A934A37B2
Jul 26, 2024 - 6:07 p.m.

Metasploit Weekly Wrap-Up 07/26/2024

2024-07-26 18:07:13
Jacquie Harris
blog.rapid7.com
metasploit
magento
xxe
ghostscript
softing secure integration server
cve-2024-34102
cve-2024-29510
cve-2022-1373
cve-2022-2334
exploit
auxiliary
pull request
error handling
session logging

CVSS3: 9.8

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 8.3
Confidence: Low

New module content (3)

Magento XXE Unserialize Arbitrary File Read

Authors: Heyder and Sergey Temnikov
Type: Auxiliary
Pull request: #19304 contributed by heyder
Path: gather/magento_xxe_cve_2024_34102
AttackerKB reference: CVE-2024-34102

Description: This adds an auxiliary module for an XXE vulnerability in Magento, tracked as CVE-2024-34102, which results in an arbitrary file read.

Ghostscript Command Execution via Format String

Authors: Christophe De La fuente and Thomas Rinsma
Type: Exploit
Pull request: #19313 contributed by cdelafuente-r7
Path: multi/fileformat/ghostscript_format_string_cve_2024_29510
AttackerKB reference: CVE-2024-29510

Description: This adds an exploit module targeting CVE-2024-29510, a format string vulnerability in Ghostscript versions before 10.03.1 to achieve a SAFER sandbox bypass and execute arbitrary commands.

Softing Secure Integration Server v1.22 Remote Code Execution

Authors: Chris Anastasio (muffin) of Incite Team, Imran E. Dawoodjee, and Steven Seeley (mr_me) of Incite Team
Type: Exploit
Pull request: #19084 contributed by ide0x90
Path: windows/http/softing_sis_rce
CVE reference: ZDI-22-1156

Description: This adds a module targeting CVE-2022-1373 and CVE-2022-2334 as an exploit chain against Softing Secure Integration Server 1.22.

Enhancements and features (2)

  • #19338 from adfoster-r7 - Improves error handling and progress tracking in the auxiliary/gather/kerberos_enumusers and gather/asrep modules.
  • #19340 from adfoster-r7 - Improves setg SessionLogging support to work with command shells, and allows logging to be turned on or off at any point, not just for newly created sessions.

Documentation

You can find the latest Metasploit documentation on our docsite at docs.metasploit.com.

Get it

As always, you can update to the latest Metasploit Framework with msfupdate
and you can get more details on the changes since the last blog post from
GitHub:

If you are a git user, you can clone the Metasploit Framework repo (master branch) for the latest.
To install fresh without using git, you can use the open-source-only Nightly Installers or the
commercial edition Metasploit Pro.
