CVE-2017-5231 - CERT CVE
ID CVE-2017-5231
Sažetak All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter stdapi CommandDispatcher.cmd_download() function. By using a specially-crafted build of Meterpreter, it is possible to write to an arbitrary directory on the Metasploit console with the permissions of the running Metasploit instance.
Reference
CVSS
Base: 5.1
Impact: 6.4
Exploitability:4.9
Pristup
VektorSloženostAutentikacija
NETWORK HIGH NONE
Impact
PovjerljivostCjelovitostDostupnost
PARTIAL PARTIAL PARTIAL
CVSS vektor AV:N/AC:H/Au:N/C:P/I:P/A:P
Zadnje važnije ažuriranje 21-03-2017 - 01:59
Objavljeno 02-03-2017 - 20:59