Описание
The StateToOptions function in msfweb in Metasploit Framework 2.4 and earlier, when running with the -D option (defanged mode), allows attackers to modify temporary environment variables before the "_Defanged" environment option is checked when processing the Exploit command.
Ссылки
- PatchVendor Advisory
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:metasploit:metasploit_framework:2.0:*:*:*:*:*:*:*
cpe:2.3:a:metasploit:metasploit_framework:2.1:*:*:*:*:*:*:*
cpe:2.3:a:metasploit:metasploit_framework:2.2:*:*:*:*:*:*:*
cpe:2.3:a:metasploit:metasploit_framework:2.3:*:*:*:*:*:*:*
cpe:2.3:a:metasploit:metasploit_framework:2.4:*:*:*:*:*:*:*
EPSS
Процентиль: 65%
0.00488
Низкий
5 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
The StateToOptions function in msfweb in Metasploit Framework 2.4 and earlier, when running with the -D option (defanged mode), allows attackers to modify temporary environment variables before the "_Defanged" environment option is checked when processing the Exploit command.
EPSS
Процентиль: 65%
0.00488
Низкий
5 Medium
CVSS2
Дефекты
NVD-CWE-Other