diff --git a/db/modules_metadata_base.json b/db/modules_metadata_base.json
index fdcdf09cfa10..58a6432ee6da 100644
--- a/db/modules_metadata_base.json
+++ b/db/modules_metadata_base.json
@@ -81937,6 +81937,72 @@
 "session_types": false,
 "needs_cleanup": null
 },
+ "exploit_linux/http/watchguard_firebox_unauth_rce_cve_2022_26318": {
+ "name": "WatchGuard XTM Firebox Unauthenticated Remote Command Execution",
+ "fullname": "exploit/linux/http/watchguard_firebox_unauth_rce_cve_2022_26318",
+ "aliases": [
+
+ ],
+ "rank": 400,
+ "disclosure_date": "2022-08-29",
+ "type": "exploit",
+ "author": [
+ "h00die-gr3y ",
+ "Charles Fol (Ambionics Security)",
+ "Dylan Pindur (AssetNote)",
+ "Misterxid"
+ ],
+ "description": "This module exploits a buffer overflow at the administration interface (8080 or 4117) of WatchGuard Firebox\n and XTM appliances which is built from a cherrypy python backend sending XML-RPC requests to a C binary\n called wgagent using pre-authentication endpoint /agent/login.\n This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x\n before 12.5.9_U2. Successful exploitation results in remote code execution as user nobody.",
+ "references": [
+ "CVE-2022-26318",
+ "URL-https://www.ambionics.io/blog/hacking-watchguard-firewalls",
+ "URL-https://www.assetnote.io/resources/research/diving-deeper-into-watchguard-pre-auth-rce-cve-2022-26318",
+ "URL-https://github.com/misterxid/watchguard_cve-2022-26318",
+ "URL-https://attackerkb.com/topics/t8Nrnu99ZE/cve-2022-26318"
+ ],
+ "platform": "Unix",
+ "arch": "cmd",
+ "rport": 8080,
+ "autofilter_ports": [
+ 80,
+ 8080,
+ 443,
+ 8000,
+ 8888,
+ 8880,
+ 8008,
+ 3000,
+ 8443
+ ],
+ "autofilter_services": [
+ "http",
+ "https"
+ ],
+ "targets": [
+ "Automatic (Reverse Python Interactive Shell)"
+ ],
+ "mod_time": "2024-03-28 08:43:08 +0000",
+ "path": "/modules/exploits/linux/http/watchguard_firebox_unauth_rce_cve_2022_26318.rb",
+ "is_install_path": true,
+ "ref_name": "linux/http/watchguard_firebox_unauth_rce_cve_2022_26318",
+ "check": true,
+ "post_auth": false,
+ "default_credential": false,
+ "notes": {
+ "Stability": [
+ "service-resource-loss"
+ ],
+ "SideEffects": [
+ "artifacts-on-disk",
+ "ioc-in-logs"
+ ],
+ "Reliability": [
+ "repeatable-session"
+ ]
+ },
+ "session_types": false,
+ "needs_cleanup": null
+ },
 "exploit_linux/http/wd_mycloud_multiupload_upload": {
 "name": "Western Digital MyCloud multi_uploadify File Upload Vulnerability",
 "fullname": "exploit/linux/http/wd_mycloud_multiupload_upload",