Rapid7’s broader vulnerability research team released our 2022 Vulnerability Intelligence Report this week. The report includes Metasploit and research team data on exploitation, exploitability, and vulnerability profiles that are intended to help security teams understand and prioritize risk more effectively. Put simply, security teams have way too much to do in a threat climate that’s seen some pretty crazy escalation the past few years, and understanding attack trends can help them make better risk-based choices.
There are some longer threads on key findings on Twitter and Mastodon. Some of the highlights:
Read the full report here!
Author: Imran E. Dawoodjee
Type: Auxiliary
Pull request: #17676 contributed by ide0x90
Description: This adds a login module for the Softing Secure Integration Server software.
Authors: HMs, l1k3beef, and sf
Type: Exploit
Pull request: #17624 contributed by sfewer-r7
AttackerKB reference: CVE-2022-21587
Description: This pull request adds an exploit module for an arbitrary file upload vulnerability in Oracle Web Applications Desktop Integrator, as shipped with Oracle E-Business Suite versions 12.2.3 through to 12.2.11, which results in remote code execution. This has been observed to have been exploited in the wild.
Author: Alexander Philiotis
Type: Exploit
Pull request: #17638 contributed by JBince
Description: This adds a module to execute code using Lucee’s scheduled job functionality. The feature requires authentication as an administrator by default and allows a ColdFusion page to be rendered which is used to execute an OS command using the cfexecute directive. The module works on both Linux and Windows targets.
Author: DLL_Cool_J
Type: Post
Pull request: #17672 contributed by archcloudlabs
Description: This PR includes a post module that will disable ClamAV on Linux systems. The bug resides in the ClamAV Unix socket permitting any user to submit the "shutdown" command which will disable ClamAV.
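For defenders, the ClamAV item above comes down to who is allowed to write to the clamd control socket. The following added example (not code from the Metasploit module or from ClamAV) audits a clamd.conf for the LocalSocket, LocalSocketMode and LocalSocketGroup options; the sample configs are constructed, and the finding for an unset LocalSocketMode assumes the documented default of a world-accessible socket.

```python
import re
import stat

# Constructed sample configs, not taken from any real host.
SAMPLE_WEAK = """\
# clamd.conf (constructed sample)
LocalSocket /var/run/clamav/clamd.ctl
LocalSocketMode 666
"""
SAMPLE_HARDENED = """\
LocalSocket /var/run/clamav/clamd.ctl
LocalSocketGroup clamav
LocalSocketMode 660
"""

def parse_clamd_conf(text):
    """Return {option: value} for 'Option value' lines, skipping comments."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        opts[parts[0]] = parts[1].strip() if len(parts) > 1 else ""
    return opts

def audit_local_socket(text):
    """Return findings about which local users can send commands to clamd."""
    opts = parse_clamd_conf(text)
    findings = []
    if "LocalSocket" not in opts:
        return findings  # no Unix socket configured, nothing to audit here
    mode = opts.get("LocalSocketMode")
    if mode is None:
        findings.append("LocalSocketMode unset: socket is world accessible")
    elif not re.fullmatch(r"[0-7]{3,4}", mode):
        findings.append(f"LocalSocketMode {mode!r} is not an octal mode")
    elif int(mode, 8) & stat.S_IWOTH:
        # Connecting to a Unix socket requires write permission on it.
        findings.append(f"LocalSocketMode {mode}: any local user can send commands")
    if "LocalSocketGroup" not in opts:
        findings.append("LocalSocketGroup unset: access not limited to a dedicated group")
    return findings

if __name__ == "__main__":
    for name, conf in (("weak", SAMPLE_WEAK), ("hardened", SAMPLE_HARDENED)):
        print(name, audit_local_socket(conf) or "no findings")
```

On a live host, compare the result with the actual permissions of the socket file, since the running daemon may have been started with a different configuration.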
admin/kerberos/inspect_ticket module to display the ticket checksum and full PAC checksum
Adds getprivs and getdesktop commands to Python Meterpreters running on Windows, and also adds support for getting the handle of processes opened via the session. Additionally, fixes were made to support Python 2.5 and to fix the getdesktop output of Python Meterpreters.
exploit/linux/http/froxlor_log_path_rce module to note that Froxlor 2.0.7 is the last vulnerable version.
The route command has been reworked to improve the way it validates arguments and to print out more accurate error messages.
You can always find more documentation on our docsite at docs.metasploit.com.
As always, you can update to the latest Metasploit Framework with msfupdate and you can get more details on the changes since the last blog post from GitHub:
If you are a git user, you can clone the Metasploit Framework repo (master branch) for the latest.
To install fresh without using git, you can use the open-source-only Nightly Installers or the binary installers (which also include the commercial edition).