automatic module_metadata_base.json update

rapid7 · Mar 20, 2024 · a0d162b · a0d162b
1 parent 2b90d33
commit a0d162b
Showing 1 changed file with 60 additions and 0 deletions.
diff --git a/db/modules_metadata_base.json b/db/modules_metadata_base.json
@@ -76752,6 +76752,66 @@
     "session_types": false,
     "needs_cleanup": null
   },
+  "exploit_linux/http/opennms_horizon_authenticated_rce": {
+    "name": "OpenNMS Horizon Authenticated RCE",
+    "fullname": "exploit/linux/http/opennms_horizon_authenticated_rce",
+    "aliases": [
+
+    ],
+    "rank": 600,
+    "disclosure_date": "2023-07-01",
+    "type": "exploit",
+    "author": [
+      "Erik Wynter"
+    ],
+    "description": "This module exploits built-in functionality in OpenNMS\n          Horizon in order to execute arbitrary commands as the\n          opennms user. For versions 32.0.2 and higher, this\n          module requires valid credentials for a user with\n          ROLE_FILESYSTEM_EDITOR privileges and either\n          ROLE_ADMIN or ROLE_REST.\n\n          For versions 32.0.1 and lower, credentials are\n          required for a user with ROLE_FILESYSTEM_EDITOR,\n          ROLE_REST, and/or ROLE_ADMIN privileges. In that case,\n          the module will automatically escalate privileges via\n          CVE-2023-40315 or CVE-2023-0872 if necessary.\n\n          This module has been successfully tested against OpenNMS\n          version 31.0.7",
+    "references": [
+      "CVE-2023-40315",
+      "CVE-2023-0872"
+    ],
+    "platform": "Linux",
+    "arch": "ARCH_CMD",
+    "rport": 8980,
+    "autofilter_ports": [
+      80,
+      8080,
+      443,
+      8000,
+      8888,
+      8880,
+      8008,
+      3000,
+      8443
+    ],
+    "autofilter_services": [
+      "http",
+      "https"
+    ],
+    "targets": [
+      "Linux"
+    ],
+    "mod_time": "2024-03-20 11:39:19 +0000",
+    "path": "/modules/exploits/linux/http/opennms_horizon_authenticated_rce.rb",
+    "is_install_path": true,
+    "ref_name": "linux/http/opennms_horizon_authenticated_rce",
+    "check": true,
+    "post_auth": true,
+    "default_credential": false,
+    "notes": {
+      "Stability": [
+        "crash-safe"
+      ],
+      "SideEffects": [
+        "artifacts-on-disk",
+        "ioc-in-logs"
+      ],
+      "Reliability": [
+        "repeatable-session"
+      ]
+    },
+    "session_types": false,
+    "needs_cleanup": null
+  },
   "exploit_linux/http/opentsdb_key_cmd_injection": {
     "name": "OpenTSDB 2.4.1 unauthenticated command injection",
     "fullname": "exploit/linux/http/opentsdb_key_cmd_injection",