This week’s highlight is a new exploit module by our own wvu for VMware vCenter Server CVE-2021-22005, a file upload vuln that arises from a flaw in vCenter’s analytics/telemetry service, which is enabled by default. Attackers with network access to port 443 can upload a specially crafted file, after which commands can be executed as the root user without prior authentication. As usual, this latest vCenter Server vulnerability was exploited in the wild quickly after details were released. See Rapid7’s full technical analysis in AttackerKB.
This week’s release also includes a privilege escalation module for a Linux kernel vulnerability in Netfilter that lets you get a root shell through an out-of-bounds write. The vulnerability was discovered by Andy Nguyen and has been present in the Linux kernel for the past 15 years. The module currently supports 18 versions of the Ubuntu kernel ranging from 5.8.0-23 to 5.8.0-53 thanks to bcoles, and there are plans to add further support for 4.x kernel versions in the future, once a ROP chain for those versions is created.
post/hardware/automotive/diagnostic_state module which will keep the vehicle in a diagnostic state.

db_disconnect in msfconsole

The check method for the Gitea Git hooks RCE module has been updated to correctly handle older versions of Gitea and report their exploitability as unknown instead of reporting the target as not running Gitea.

action wasn’t being set correctly when using the action name as a command; action should now hold the right value when using the action name as a command.

tools/dev/msftidy.rb whereby, if the Notes section was placed before the References section, msftidy would not check the References section and would therefore state that the module didn’t have a CVE reference, even when it did.

As always, you can update to the latest Metasploit Framework with msfupdate and you can get more details on the changes since the last blog post from GitHub:

If you are a git user, you can clone the Metasploit Framework repo (master branch) for the latest. To install fresh without using git, you can use the open-source-only Nightly Installers or the binary installers (which also include the commercial edition).
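The msftidy bug described above is an ordering problem: the check gave up before reaching the References array when Notes came first. As an added example that is not the project's own msftidy code, here is an order-independent way to find CVE references in a module's metadata; the metadata fragments and the example.invalid URL are constructed for illustration.

```ruby
# Added illustration of an order-independent CVE reference check (not the code
# of tools/dev/msftidy.rb): it finds the 'References' array by bracket matching
# wherever it sits in the metadata hash, so a 'Notes' section first can't hide it.

# Return the source text of the 'References' array (brackets included),
# or nil when the module declares no References key.
def references_block(source)
  key = source.index(/['"]References['"]\s*=>\s*\[/)
  return nil unless key
  open_idx = source.index('[', key)
  depth = 0
  open_idx.upto(source.length - 1) do |i|
    case source[i]
    when '[' then depth += 1
    when ']'
      depth -= 1
      return source[open_idx..i] if depth.zero?
    end
  end
  nil # unbalanced brackets: treat as no usable References section
end

# CVE identifiers listed as ['CVE', 'YYYY-NNNN'] pairs inside References.
def cve_references(source)
  block = references_block(source)
  return [] unless block
  block.scan(/\[\s*['"]CVE['"]\s*,\s*['"]([^'"]+)['"]\s*\]/).flatten
end

# True when a module should be flagged for lacking a CVE reference.
def missing_cve?(source)
  cve_references(source).empty?
end

# Constructed metadata fragments (not taken from a real module). The first
# places Notes before References, the ordering that tripped the old check.
NOTES_FIRST = <<~META
  'Notes' => { 'Stability' => [CRASH_SAFE], 'SideEffects' => [IOC_IN_LOGS] },
  'References' => [
    ['CVE', '2021-22005'],
    ['URL', 'https://example.invalid/advisory']
  ],
META
REFERENCES_FIRST = <<~META
  'References' => [['CVE', '2021-22005']],
  'Notes' => { 'Stability' => [CRASH_SAFE] },
META
NO_CVE = <<~META
  'References' => [['URL', 'https://example.invalid/advisory']],
META
```

With this approach the Notes-first and References-first fragments both yield the CVE, and only the fragment without a CVE entry is flagged.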