Rapid7 - Metasploit Weekly Wrap-up 11/29/2024

New module content (4)

Acronis Cyber Protect/Backup machine info disclosure

Authors: Sandro Tolksdorf of usd AG and h00die-gr3y <h00die.gr3y@gmail.com>
Type: Auxiliary
Pull request: #19582 contributed by h00die-gr3y
Path: gather/acronis_cyber_protect_machine_info_disclosure
AttackerKB reference: CVE-2022-3405

Description: Adds an auxiliary module that exploits a sensitive information disclosure caused by an improper authentication vulnerability in Acronis Cyber Protect 15 before build 29486 and Acronis Cyber Backup 12.5 before build 16545.

Strapi CMS Unauthenticated Password Reset

Authors: WackyH4cker and h00die
Type: Auxiliary
Pull request: #19654 contributed by h00die
Path: scanner/http/strapi_3_password_reset
AttackerKB reference: CVE-2019-18818

Description: Adds a module that lets you leverage the mishandling of a password reset request for Strapi CMS version 3.0.0-beta.17.4, which results in the ability to change the password of the admin user.

ProjectSend r1295 - r1605 Unauthenticated Remote Code Execution

Authors: Florent Sicchio, Hugo Clout, and ostrichgolf
Type: Exploit
Pull request: #19531 contributed by ostrichgolf
Path: linux/http/projectsend_unauth_rce

Description: Adds a new exploit module targeting ProjectSend versions r1335 through r1605. The module exploits an improper authorization vulnerability, allowing unauthenticated RCE by manipulating the application's configuration settings.

CUPS IPP Attributes LAN Remote Code Execution

Authors: David Batley, RageLtMan <rageltman@sempervictus>, Rick de Jager, Ryan Emmons, Simone Margaritelli, and Spencer McIntyre
Type: Exploit
Pull request: #19630 contributed by remmons-r7
Path: multi/misc/cups_ipp_remote_code_execution
AttackerKB reference: CVE-2024-47176

Description: This adds an exploit for CUPS, where a remote attacker can advertise a malicious printing service that, when used, will execute a command on the printing client.

Enhancements and features (2)

  • #19651 from smashery - This updates the smb_version module to detect the host OS version when SMB 1 is disabled.
  • #19678 from smashery - This adds a new LDAP query to enumerate computer accounts that were created with the "pre-Windows 2000 computer" option, which might mean they have weak passwords.

Bugs fixed (0)

None

Documentation

You can find the latest Metasploit documentation on our docsite at docs.metasploit.com.

Get it

As always, you can update to the latest Metasploit Framework with msfupdate
and you can get more details on the changes since the last blog post from
GitHub:

If you are a git user, you can clone the Metasploit Framework repo (master branch) for the latest.
To install fresh without using git, you can use the open-source-only Nightly Installers or the
commercial edition Metasploit Pro.



from Rapid7 Cybersecurity Blog https://blog.rapid7.com/2024/11/29/metasploit-weekly-wrapup-11-29-2024/
