Author: Erik Wynter
Type: Exploit
Pull request: #18618 contributed by ErikWynter
Path: linux/http/opennms_horizon_authenticated_rce
AttackerKB reference: CVE-2023-0872
Description: This module exploits built-in functionality in OpenNMS Horizon in order to execute arbitrary commands as the opennms
user. For versions 32.0.2 and higher, this module requires valid credentials for a user with ROLE_FILESYSTEM_EDITOR
privileges and either ROLE_ADMIN
or ROLE_REST
. For versions 32.0.1 and lower, credentials are required for a user with ROLE_FILESYSTEM_EDITOR
, ROLE_REST
, and/or ROLE_ADMIN
privileges.
runc_cwd_priv_esc
module. Prior to this fix, the module would incorrectly report some of the versions that the patch had been back ported to as vulnerable.sessions
command so that both Meterpreter and the top level Metasploit prompt support sessions -i -1
.help
command wording when interacting with basic shells.exploits/windows/local/wmi_persistence
module when Powershell obfuscation was applied.dns
command.README.md
to remove a stale documentation link.You can always find more documentation on our docsite at docs.metasploit.com.
As always, you can update to the latest Metasploit Framework with msfupdate
and you can get more details on the changes since the last blog post from
GitHub:
If you are a git
user, you can clone the Metasploit Framework repo (master branch) for the latest.
To install fresh without using git, you can use the open-source-only Nightly Installers or the
commercial edition Metasploit Pro