From a0d162bc9f6726175db3581e60e0bb234b160fd9 Mon Sep 17 00:00:00 2001 From: Metasploit Date: Wed, 20 Mar 2024 15:10:21 -0500 Subject: [PATCH] automatic module_metadata_base.json update --- db/modules_metadata_base.json | 60 +++++++++++++++++++++++++++++++++++ 1 file changed, 60 insertions(+) diff --git a/db/modules_metadata_base.json b/db/modules_metadata_base.json index 5978ba6f91db..49cced816d3c 100644 --- a/db/modules_metadata_base.json +++ b/db/modules_metadata_base.json @@ -76752,6 +76752,66 @@ "session_types": false, "needs_cleanup": null }, + "exploit_linux/http/opennms_horizon_authenticated_rce": { + "name": "OpenNMS Horizon Authenticated RCE", + "fullname": "exploit/linux/http/opennms_horizon_authenticated_rce", + "aliases": [ + + ], + "rank": 600, + "disclosure_date": "2023-07-01", + "type": "exploit", + "author": [ + "Erik Wynter" + ], + "description": "This module exploits built-in functionality in OpenNMS\n Horizon in order to execute arbitrary commands as the\n opennms user. For versions 32.0.2 and higher, this\n module requires valid credentials for a user with\n ROLE_FILESYSTEM_EDITOR privileges and either\n ROLE_ADMIN or ROLE_REST.\n\n For versions 32.0.1 and lower, credentials are\n required for a user with ROLE_FILESYSTEM_EDITOR,\n ROLE_REST, and/or ROLE_ADMIN privileges. In that case,\n the module will automatically escalate privileges via\n CVE-2023-40315 or CVE-2023-0872 if necessary.\n\n This module has been successfully tested against OpenNMS\n version 31.0.7", + "references": [ + "CVE-2023-40315", + "CVE-2023-0872" + ], + "platform": "Linux", + "arch": "ARCH_CMD", + "rport": 8980, + "autofilter_ports": [ + 80, + 8080, + 443, + 8000, + 8888, + 8880, + 8008, + 3000, + 8443 + ], + "autofilter_services": [ + "http", + "https" + ], + "targets": [ + "Linux" + ], + "mod_time": "2024-03-20 11:39:19 +0000", + "path": "/modules/exploits/linux/http/opennms_horizon_authenticated_rce.rb", + "is_install_path": true, + "ref_name": "linux/http/opennms_horizon_authenticated_rce", + "check": true, + "post_auth": true, + "default_credential": false, + "notes": { + "Stability": [ + "crash-safe" + ], + "SideEffects": [ + "artifacts-on-disk", + "ioc-in-logs" + ], + "Reliability": [ + "repeatable-session" + ] + }, + "session_types": false, + "needs_cleanup": null + }, "exploit_linux/http/opentsdb_key_cmd_injection": { "name": "OpenTSDB 2.4.1 unauthenticated command injection", "fullname": "exploit/linux/http/opentsdb_key_cmd_injection",